CVE-2021-34202
Severity: HIGH
D-Link DIR-2640-US Firmware 1.01B04 - Out-of-bounds Write
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine these with other vulnerabilities to achieve remote code execution.
References (4)
Core References
Vendor Advisory x_refsource_misc
http://d-link.com
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Broken Link, URL Repurposed x_refsource_misc
http://dir-2640-us.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202
Scores
CVSS v3: 7.8
EPSS: 0.0033
EPSS Percentile: 56.2%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-787
Status: published
Products (1): dlink/dir-2640-us_firmware 1.01b04
Published: Jun 16, 2021
Tracked Since: Feb 18, 2026