CVE-2021-20132
Severity: HIGH
D-Link DIR-2640-US Firmware <= 1.11b02 - Use of Hard-coded Credentials in Quagga Services
Title source: llmDescription
Quagga services on D-Link DIR-2640 firmware versions less than or equal to 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both services run with root privileges on the router (i.e., as the "admin" user, UID 0).
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-44
Scores
CVSS v3: 8.8
EPSS: 0.0047
EPSS Percentile: 64.7%
Attack Vector: ADJACENT_NETWORK
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-798
Status: published
Products (1): dlink/dir-2640-us_firmware < 1.11b02
Published: Dec 30, 2021
Tracked Since: Feb 18, 2026