
Cybersecurity, multiple vulnerabilities in D-LINK DIR-3040 wireless router

Cisco Talos discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. An attacker could carry out a variety of malicious actions, including exposing sensitive information, causing a DoS and executing arbitrary code.

The D-LINK DIR-3040 wireless router has multiple vulnerabilities, which were discovered by Cisco Talos cybersecurity experts. The flaws could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code. The vulnerabilities are:

  • CVE-2021-21816 and CVE-2021-21817 are information disclosure flaws in the router that could be triggered by a specially crafted network request. An attacker could exploit these vulnerabilities to view the device’s system log;
  • CVE-2021-21818 and CVE-2021-21820 are both hardcoded password vulnerabilities. However, the first could cause a denial of service, while the second could allow an attacker to execute code on the router;
  • CVE-2021-21819: An adversary could also gain the ability to execute code by exploiting the flaw after sending the target a sequence of requests.

Cisco Talos worked with D-LINK to ensure that these issues are resolved and an update is available for affected customers.
