CVE-2021-27342

MEDIUM

D-Link Router DIR-842 v3.0.2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-27342. PoCs published by mavlevin.

AI-analyzed exploit summary This exploit bypasses authentication throttling in D-Link routers via a timing side-channel, allowing brute-force attacks on the telnet service with reduced delays. It leverages socket interactions to detect successful authentication by analyzing response timing.

Description

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack

Exploits (2)

nomisec WORKING POC 14 stars

by mavlevin · poc

https://github.com/mavlevin/D-Link-CVE-2021-27342-exploit

View Code ZIP pw:eip

This exploit bypasses authentication throttling in D-Link routers via a timing side-channel, allowing brute-force attacks on the telnet service with reduced delays. It leverages socket interactions to detect successful authentication by analyzing response timing.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: D-Link routers (specific versions affected by CVE-2021-27342)

No auth needed

Prerequisites: Network access to the target device's telnet service (port 23) · A wordlist for brute-forcing passwords

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/guywhataguy/d-link-cve-2021-27342-exploit

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-27342, which bypasses authentication throttling in D-Link routers' telnet service, allowing brute-force attacks with minimal delay between attempts.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: D-Link routers (telnet service)

No auth needed

Prerequisites: network access to the target device · telnet service enabled on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225

Exploit, Third Party Advisory x_refsource_misc

https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit/blob/main/dlink-telnet-exploit-CVE-2021-27342.py

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html

Scores

CVSS v3 5.9

EPSS 0.0743

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-203

Status published

Products (1)

dlink/dir-842e_firmware < 3.0.2

Published May 17, 2021

Tracked Since Feb 18, 2026