VYPR

DIR-2640

by Dlink

CVEs (15)

  • CVE-2021-20132HigDec 30, 2021
    risk 0.58cvss 8.8epss 0.04

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the…

  • CVE-2024-5293HigMay 23, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this…

  • CVE-2023-32149HigMay 3, 2024
    risk 0.57cvss 8.8epss 0.01

    D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to…

  • CVE-2021-20134HigDec 30, 2021
    risk 0.55cvss 8.4epss 0.08

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra…

  • CVE-2021-34203HigJun 16, 2021
    risk 0.53cvss 8.1epss 0.01

    D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use…

  • CVE-2021-34202HigJun 16, 2021
    risk 0.51cvss 7.8epss 0.04

    There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve…

  • CVE-2023-32153MedMay 3, 2024
    risk 0.46cvss 6.8epss 0.23

    D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this…

  • CVE-2023-32150MedMay 3, 2024
    risk 0.46cvss 6.8epss 0.23

    D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this…

  • CVE-2021-34201HigJun 16, 2021
    risk 0.46cvss 7.1epss 0.01

    D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.

  • CVE-2023-32152MedMay 3, 2024
    risk 0.44cvss 6.5epss 0.27

    D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-32151MedMay 3, 2024
    risk 0.44cvss 6.8epss 0.02

    D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this…

  • CVE-2023-32148MedMay 3, 2024
    risk 0.44cvss 6.5epss 0.27

    D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-32147MedMay 3, 2024
    risk 0.44cvss 6.8epss 0.02

    D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this…

  • CVE-2021-34204MedJun 16, 2021
    risk 0.44cvss 6.8epss 0.01

    D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be…

  • CVE-2021-20133MedDec 30, 2021
    risk 0.40cvss 6.1epss 0.02

    Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of…