CVE-2021-34202

HIGH

D-Link DIR-2640-US Firmware 1.01B04 - Out-of-bounds Write

Title source: llm
STIX 2.1

Description

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_misc
http://d-link.com
Broken Link, URL Repurposed
http://dir-2640-us.com

Scores

CVSS v3 7.8
EPSS 0.0364
EPSS Percentile 88.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
dlink/dir-2640-us_firmware 1.01b04
Published Jun 16, 2021
Tracked Since Feb 18, 2026