CVE-2021-33259

2021-10-3118:32:52

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users’ DNS query history.

References

d-link.com

dir-868lw.com

github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md

www.dlink.com/en/security-bulletin/