D-Link Forums

Announcements => Security Advisories => Topic started by: GreenBay42 on July 13, 2021, 09:30:23 AM

Title: DIR-3040 - Multiple Vulnerabilities
Post by: GreenBay42 on July 13, 2021, 09:30:23 AM

For updated information and firmware patch, visit https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10228



Overview

On April 28, 2021, Cisco Talos security research submitted a report of multiple vulnerabilities in the DIR-3040 using firmware v1.13B03. The vulnerabilities were confirmed and a patch was issued to close the reported issues.

3rd Party Report information

- vulndiscovery _at_ external _dot_ cisco _dot_ com

TALOS-2021-1281 CVE-2021-21816 - Syslog information disclosure vulnerability
TALOS-2021-1282 CVE-2021-21817 - Zebra IP Routing Manager information disclosure vulnerability
TALOS-2021-1283 CVE-2021-21818 - Zebra IP Routing Manager hard-coded password vulnerability
TALOS-2021-1284 CVE-2021-21819 - Libcli command injection vulnerability
TALOS-2021-1285 CVE-2021-21820 - Libcli Test Environment hard-coded password vulnerability