CVE-2021-27342

MEDIUM

D-Link Router DIR-842 v3.0.2 - Auth Bypass

Title source: llm

Description

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack

Exploits (2)

nomisec WORKING POC 14 stars

by mavlevin · poc

https://github.com/mavlevin/D-Link-CVE-2021-27342-exploit

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/guywhataguy/d-link-cve-2021-27342-exploit

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html

[Exploit, Third Party Advisory] https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit/blob/main/dlink-telnet-exploit-CVE-2021-27342.py

[Vendor Advisory] https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225

Scores

CVSS v3 5.9

EPSS 0.0743

EPSS Percentile 91.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-203

Status published

Products (1)

dlink/dir-842e_firmware < 3.0.2

Published May 17, 2021

Tracked Since Feb 18, 2026