The vulnerability in the prog.cgi web interface script of D-Link DIR-2640-US’s router software allows a hacker to execute arbitrary code.

The vulnerability in the prog.cgi web interface for managing D-Link DIR-2640-US router microprogramming software relates to the escape of operations beyond the buffer in memory when checking the length of data entered by the user. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability in the web interface for managing D-Link DIR-2640-US microprogramming software allows a hacker to bypass security restrictions.

The vulnerability of the web interface for managing D-Link DIR-2640-US microprogramming software is related to deficiencies in the authentication process when processing the LoginPassword parameter. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by sending ...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the PrefixLen parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...

The vulnerability in the web interface for managing D-Link DIR-2640-US microprogramming software allows a hacker to bypass security restrictions.

The vulnerability of the web interface for managing D-Link DIR-2640-US microprogramming devices is related to deficiencies in the authentication process when processing requests containing XML elements. Exploiting this vulnerability can allow a malicious actor to circumvent security restrictions...

PT-2022-6582 · D Link · D-Link Dir-2640-Us

Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640-US versions affected versions not specified Description: The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-2640-US router's firmware, specifically with the handling of the LocalIPAddress...

The vulnerability of the D-Link DIR-2640-US router’s microprogramming software lies in the insufficient protection of registration data, allowing attackers to elevate their privileges to the root level.

The vulnerability of the D-Link DIR-2640-US router’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...

D-Link DIR-2640-US Account Password Plaintext Storage Vulnerability

The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to easily log in to the target router via a serial port and gain root privileges...

D-Link DIR-2640-US Incorrect Access Control Vulnerability

The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to use telnet login, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and phishing attacks...

D-Link DIR-2640-US Buffer Overflow Vulnerability

The D-Link DIR-2640-US is a smart AC2600 high power Wi-Fi Gigabit router. A buffer overflow vulnerability exists in the D-Link DIR-2640-US version 1.01B04. An attacker can exploit this vulnerability by overriding a global variable in a .bss segment to cause a process crash or change...

CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...

Buffer overflow

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

Design/Logic Flaw

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...

Default credentials

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...

CVE-2021-34204

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...

CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...

CVE-2021-34203

CVE-2021-34203 affects the D-Link DIR-2640-US router (version 1.01B04). The vulnerability is described as Incorrect Access Control during PPPoE setup, where the router starts the quagga process with the original default password and port, allowing an attacker to log in via telnet, modify routing ...

D-Link DIR-2640-US 安全漏洞

The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to easily log in to the target router via a serial port and gain root privileges...

D-Link DIR-2640-US 安全漏洞

The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to use telnet login, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and phishing attacks...

PT-2021-3322 · D Link · D-Link Dir-2640-Us

Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640-US version 1.01B04 Description: The issue is related to Incorrect Access Control in the D-Link DIR-2640-US router. When setting up PPPoE, the router starts the quagga process, which uses the default password and port, allowing...