Lucene search
China National Vulnerability DatabaseCNVD-2021-94842HistoryAug 13, 2021 - 12:00 a.m.
Multiple D-Link products null pointer dereference vulnerability
2021-08-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
d-link
products
null pointer vulnerability
http
get request
handling
crash
exploit
wireless network access point
small businesses
schools
EPSS
0.002
Percentile
54.8%
The D-Link DAP-2310 is a single-band wireless network access point for small businesses or schools that need a fast and reliable wireless network. the DAP-2330 is a wireless N300 single-band PoE access point. A null pointer dereference vulnerability exists in several D-Link products. The vulnerability stems from the fact that when the binary processes a specific HTTP GET request with NULL content in the upload_file variable in the upload_config function, strncasecmp takes NULL as the first parameter, resulting in a NULL pointer dereference. An attacker could exploit the vulnerability to cause the program to crash.
Related
nvd
nvd
CVE-2021-28840
2021-08-10 18:15:07
cvelist
cvelist
CVE-2021-28840
2021-08-10 17:32:44
prion
prion
Null pointer dereference
2021-08-10 18:15:00
cve
cve
CVE-2021-28840
2021-08-10 18:15:07