CVE-2021-34204
MEDIUM
D-Link DIR-2640-US Firmware - Insufficiently Protected Credentials
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. The D-Link AC2600 (DIR-2640) stores the device system account password in plain text and does not use Linux user management. In addition, the password is the same on all devices and cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
Scores
CVSS v3
6.8
EPSS
0.0006
EPSS Percentile
19.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-522
Status
published
Affected Products (1)
dlink/dir-2640-us_firmware
Timeline
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026