CVE-2021-34204
MEDIUMD-Link DIR-2640-US 1.01B04 - Insufficiently Protected Credentials
Title source: llmDescription
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
References (4)
Core 4
Core References
Broken Link x_refsource_misc
http://d-link.com
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Broken Link, URL Repurposed x_refsource_misc
http://dir-2640-us.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204
Scores
CVSS v3
6.8
EPSS
0.0006
EPSS Percentile
19.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
dlink/dir-2640-us_firmware
1.01b04
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026