CVE-2021-34202
HIGHD-Link DIR-2640-US Firmware 1.01B04 - Out-of-bounds Write
Title source: llmDescription
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
http://d-link.com
Broken Link, URL Repurposed
http://dir-2640-us.com
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Exploit, Third Party Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202
Scores
CVSS v3
7.8
EPSS
0.0364
EPSS Percentile
88.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
dlink/dir-2640-us_firmware
1.01b04
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026