CVE-2021-34204

MEDIUM

D-Link DIR-2640-US 1.01B04 - Insufficiently Protected Credentials

Title source: llm
STIX 2.1

Description

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

References (4)

Core 4
Core References
Broken Link x_refsource_misc
http://d-link.com
Broken Link, URL Repurposed
http://dir-2640-us.com

Scores

CVSS v3 6.8
EPSS 0.0112
EPSS Percentile 62.3%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
dlink/dir-2640-us_firmware 1.01b04
Published Jun 16, 2021
Tracked Since Feb 18, 2026