CVE-2021-28838
HIGH
D-Link DAP-2310 Firmware < 2.10rc039 - NULL Pointer Dereference
Title source: ruleDescription
Null pointer dereference vulnerability in D-Link DAP-2310 2.10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi` operation when a specific network packet is sent to the httpd binary.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf
Third Party Advisory x_refsource_misc
https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
Scores
CVSS v3: 7.5
EPSS: 0.0104
EPSS Percentile: 77.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (14)
dlink/dap-2310_firmware < 2.10rc039
dlink/dap-2330_firmware 1.10rc036 beta
dlink/dap-2330_firmware < 1.10rc036
dlink/dap-2360_firmware < 2.10rc055
dlink/dap-2553_firmware 3.10rc039 beta
dlink/dap-2553_firmware < 3.10rc039
dlink/dap-2660_firmware < 1.15rc131b
dlink/dap-2690_firmware 3.20rc115 beta
dlink/dap-2690_firmware < 3.20rc115
dlink/dap-2695_firmware < 1.20rc093
... and 4 more
Published: Aug 10, 2021
Tracked Since: Feb 18, 2026