CVE-2021-39615
CRITICAL
D-Link DSR-500N 1.02 - Use of Hard-coded Credentials in /etc/passwd
Title source: llm
Description
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235
Exploit, Third Party Advisory x_refsource_misc
https://www.nussko.com/advisories/advisory-2021-08-02.txt
Scores
CVSS v3
9.8
EPSS
0.0227
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
dlink/dsr-500n_firmware
1.02
Published
Aug 23, 2021
Tracked Since
Feb 18, 2026