Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the βadminβ user, UID 0).
[
{
"product": "Quagga Services on D-Link DIR-2640 Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 1.11B02"
}
]
}
]