nessus
DLINK_DIR-605_CVE-2021-40655.NASL
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: May 23, 2024 - 12:00 a.m.

DLink DIR equal to 2.01MT (CVE-2021-40655)

www.tenable.com
dlink dir
2.01mt
information disclosure
cve-2021-40655
nessus
scanner
firmware

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.1 High (Confidence: Low)

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.086 Low (Percentile: 94.5%)

The version of DLink DIR installed on the remote host is equal to 2.01MT. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-40655 advisory.

  • An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page (CVE-2021-40655)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(197740);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/23");

  script_cve_id("CVE-2021-40655");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/06/06");

  script_name(english:"DLink DIR equal to 2.01MT (CVE-2021-40655)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of DLink DIR installed on the remote host is equal to 2.01MT. It is, therefore, affected by a
vulnerability as referenced in the CVE-2021-40655 advisory.

  - An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can
    obtain a user name and password by forging a post request to the / getcfg.php page (CVE-2021-40655)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10393
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1768f114");
  script_set_attribute(attribute:"solution", value:
"Upgrade DLink DIR based upon the guidance specified in CVE-2021-40655.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-40655");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:d-link:DIR-605");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("dlink_dir_www_detect.nbin");
  script_require_keys("installed_sw/DLink DIR");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:80, embedded:TRUE);

var app_info = vcf::get_app_info(app:'DLink DIR', port:port, webapp:TRUE);

if (empty_or_null(app_info['model']) ||
    'DIR-605' >!< app_info['model'])
    audit(AUDIT_DEVICE_NOT_VULN, 'DLink DIR model');

var constraints = [
  { 'equal' : '2.01MT', 'fixed_display' : 'See vendor advisory' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

Vendor: d-link
Product: dir-605
CPE: cpe:/o:d-link:dir-605
