VAR-202104-1584
Vulnerability from variot - Updated: 2024-05-17 22:55D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DSL? 320B is an Ethernet modem of D-Link Corporation in Taiwan. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem
======== < Table of Contents > =========================================
- Overview
- Details
- Solution
- Disclosure Timeline
- Thanks & Acknowledgements
- References
- Credits
- Legal Notices
======== < 0.
Severity: Critical
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-ID: CVE-2021-26709
Vendor: D-Link
Affected Products: DSL-320B-D1
Affected Versions: EU_1.25 and lower
======== < 1. Details > ================================================
During a Penetration Test it was possible to identify and exploit multiple Stack Buffer Overflows (1) in the D-Link DSL-320B-D1 ADSL modem ,a now legacy model, which is distributed in the past by Telecom Italia on loan for use together with the residential ADSL line.
The vulnerabilities are present in the login functionality, exposed by "login.xgi" with "user" and "pass" parameters.
[[ GET /login.xgi?user=" + payload + "&pass=abcde HTTP/1.1\nHost: " + host + "\n\n" ]]
To exploit the vulnerability using "user" parameter, you need construct the payload like the following:
[[ OFFSET = 652 ADDR = 0x7ffe8ab0
payload = "A"*OFFSET payload += pack(">I", ADDR) payload += shellcode ]]
While the "pass" parameter uses 641 as offset.
The payload must be passed as parameter value in a GET request.
You can found a working shellcode here: https://www.exploit-db.com/shellcodes/45541
You will have to change the ip/port to match your network configuration.
Using ROP is possible to avoid to use the hardcoded addresses.
======== < 2. Solution > ===============================================
Refer to D-Link Support Announcements "SAP10216" for details (2).
======== < 3. Disclosure Timeline > ====================================
09/01/2021 : Discovery of the vulnerability 23/01/2021 : Vulnerability submitted to vendor 25/01/2021 : Vendor request more info about exploit the vulnerabilities 27/01/2021 : Sent details to vendor 01/02/2021 : Request status update to the vendor 13/02/2021 : Sent CVE assigned by mitre to vendor 13/02/2021 : Vendor response, analysis in progress 30/03/2021 : Request status update to the vendor 30/03/2021 : Vendor confirm the vulnerabilities 07/04/2021 : Public disclosure
======== < 4. Thanks & Acknowledgements > ==============================
D-Link US SIRT
======== < 5. References > =============================================
(1) https://cwe.mitre.org/data/definitions/121.html (2) https://supportannouncement.us.dlink.com/announcement/publication.as px?name=SAP10216 (3) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26709
======== < 6. Credits > ================================================
This vulnerability was discovered and reported by:
Gabriele 'matrix' Gristina (gabriele DOT gristina AT gmail DOT com)
Contacts:
https://www.linkedin.com/in/gabrielegristina https://twitter.com/gm4tr1x https://github.com/matrix/
======== < 7. Legal Notices > ==========================================
Copyright (c) 2021 Gabriele 'matrix' Gristina
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without mine express written consent. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email me for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on,this information.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEElKssfhju0ogMPPCn7SvzgGQpUxsFAmBuug8ACgkQ7SvzgGQp UxsERA//SsjAPq95yZItWPBiSrOSxUuRUUAzwzuo4bIYNb5bjfMDgB/HsnwwtG5W yPXUoKWHLxyaX3nconGirDOHNSYNTd23sYXx+K3T97l/cPNZ3Nv5vk9DRDK76NNc Xe2v7WdBBS1jAbuKKAHv8ioc+uxPs9oi9Iz70Uv9pQsaq2QSm6B+AX5s0fQIsgje glPPYMLAasdmr4Wwk6XBOrzw8zvnkMxaRGsIJ2QmIpl7kmiN2BivSSKWfS8rUhEG RfhIyTjDyN1yHU+GOTEJe04D8CjpLSUCsfFz7BxPYs1IFK44RZfiMJp4c7o7vMPG uXJWpeq6wfraCh/g/JY5rvOpiyYC5e+mtg8MQjJW5ZEkK8Szg14douVn/bLsRFIc cEs3mImqE/8pwksKDRLqAUq9/Q1dt5FRwFLJDpX5e18bwR1XOU1+iRMQJuUGBnre UEibw1u8bSjJakFi9gCXQC2LrvbAC/tc97I42bA7qhiJxmOaMdPWt/C7Is/bVdYB JdVUej2eMBlsmfVaPbM6aT18+Z9sfIMKaGq9nAbBmY+DNI6gBfX0ty8X1o39ADcQ I+DEXnKBZP1YhWlvYYR5mBMYs9wJzw8OGyeGqK2LU1tmWfF9d0drXK5pvK1sSpQh /ytQ4g/jSRp+UBK7Ulxep08gCphGuAkc7NuKsbHh4YgkCbIaIDI= =4j+1 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsl-320b-d1",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "eu_1.25"
},
{
"model": "dsl-320b-d1 \u003c=eu 1.25",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:d-link:dsl-320b-d1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "eu_1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:d-link:dsl-320b-d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriele Gristina",
"sources": [
{
"db": "PACKETSTORM",
"id": "162133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
}
],
"trust": 0.7
},
"cve": "CVE-2021-26709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-29840",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-26709",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-26709",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-29840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-430",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-26709",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DSL? 320B is an Ethernet modem of D-Link Corporation in Taiwan. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nMultiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem\n\n======== \u003c Table of Contents \u003e =========================================\n\n0. Overview\n1. Details\n2. Solution\n3. Disclosure Timeline\n4. Thanks \u0026 Acknowledgements\n5. References\n6. Credits\n7. Legal Notices\n\n======== \u003c 0. \n\nSeverity: Critical\n\nCVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\nCVE-ID: CVE-2021-26709\n\nVendor: D-Link\n\nAffected Products: DSL-320B-D1\n\nAffected Versions: EU_1.25 and lower\n\n======== \u003c 1. Details \u003e ================================================\n\nDuring a Penetration Test it was possible to identify and exploit\nmultiple Stack Buffer Overflows (1) in the D-Link DSL-320B-D1 ADSL modem\n,a now legacy model, which is distributed in the past by Telecom Italia\non loan for use together with the residential ADSL line. \n\nThe vulnerabilities are present in the login functionality, exposed by\n\"login.xgi\" with \"user\" and \"pass\" parameters. \n\n[[\nGET /login.xgi?user=\" + payload + \"\u0026pass=abcde HTTP/1.1\\nHost: \" +\nhost + \"\\n\\n\"\n]]\n\nTo exploit the vulnerability using \"user\" parameter, you need\nconstruct the payload like the following:\n\n[[\nOFFSET = 652\nADDR = 0x7ffe8ab0\n\npayload = \"A\"*OFFSET\npayload += pack(\"\u003eI\", ADDR)\npayload += shellcode\n]]\n\nWhile the \"pass\" parameter uses 641 as offset. \n\nThe payload must be passed as parameter value in a GET request. \n\nYou can found a working shellcode here:\nhttps://www.exploit-db.com/shellcodes/45541\n\nYou will have to change the ip/port to match your network configuration. \n\nUsing ROP is possible to avoid to use the hardcoded addresses. \n\n======== \u003c 2. Solution \u003e ===============================================\n\nRefer to D-Link Support Announcements \"SAP10216\" for details (2). \n\n======== \u003c 3. Disclosure Timeline \u003e ====================================\n\n09/01/2021 : Discovery of the vulnerability\n23/01/2021 : Vulnerability submitted to vendor\n25/01/2021 : Vendor request more info about exploit the vulnerabilities\n27/01/2021 : Sent details to vendor\n01/02/2021 : Request status update to the vendor\n13/02/2021 : Sent CVE assigned by mitre to vendor\n13/02/2021 : Vendor response, analysis in progress\n30/03/2021 : Request status update to the vendor\n30/03/2021 : Vendor confirm the vulnerabilities\n07/04/2021 : Public disclosure\n\n======== \u003c 4. Thanks \u0026 Acknowledgements \u003e ==============================\n\nD-Link US SIRT\n\n======== \u003c 5. References \u003e =============================================\n\n(1) https://cwe.mitre.org/data/definitions/121.html\n(2) https://supportannouncement.us.dlink.com/announcement/publication.as\npx?name=SAP10216\n(3) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26709\n\n======== \u003c 6. Credits \u003e ================================================\n\nThis vulnerability was discovered and reported by:\n\nGabriele \u0027matrix\u0027 Gristina (gabriele DOT gristina AT gmail DOT com)\n\nContacts:\n\nhttps://www.linkedin.com/in/gabrielegristina\nhttps://twitter.com/gm4tr1x\nhttps://github.com/matrix/\n\n======== \u003c 7. Legal Notices \u003e ==========================================\n\nCopyright (c) 2021 Gabriele \u0027matrix\u0027 Gristina\n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without mine express\nwritten consent. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease email me for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. \nUse of the information constitutes acceptance for use in an AS IS\ncondition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of,\nor reliance on,this information. \n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEElKssfhju0ogMPPCn7SvzgGQpUxsFAmBuug8ACgkQ7SvzgGQp\nUxsERA//SsjAPq95yZItWPBiSrOSxUuRUUAzwzuo4bIYNb5bjfMDgB/HsnwwtG5W\nyPXUoKWHLxyaX3nconGirDOHNSYNTd23sYXx+K3T97l/cPNZ3Nv5vk9DRDK76NNc\nXe2v7WdBBS1jAbuKKAHv8ioc+uxPs9oi9Iz70Uv9pQsaq2QSm6B+AX5s0fQIsgje\nglPPYMLAasdmr4Wwk6XBOrzw8zvnkMxaRGsIJ2QmIpl7kmiN2BivSSKWfS8rUhEG\nRfhIyTjDyN1yHU+GOTEJe04D8CjpLSUCsfFz7BxPYs1IFK44RZfiMJp4c7o7vMPG\nuXJWpeq6wfraCh/g/JY5rvOpiyYC5e+mtg8MQjJW5ZEkK8Szg14douVn/bLsRFIc\ncEs3mImqE/8pwksKDRLqAUq9/Q1dt5FRwFLJDpX5e18bwR1XOU1+iRMQJuUGBnre\nUEibw1u8bSjJakFi9gCXQC2LrvbAC/tc97I42bA7qhiJxmOaMdPWt/C7Is/bVdYB\nJdVUej2eMBlsmfVaPbM6aT18+Z9sfIMKaGq9nAbBmY+DNI6gBfX0ty8X1o39ADcQ\nI+DEXnKBZP1YhWlvYYR5mBMYs9wJzw8OGyeGqK2LU1tmWfF9d0drXK5pvK1sSpQh\n/ytQ4g/jSRp+UBK7Ulxep08gCphGuAkc7NuKsbHh4YgkCbIaIDI=\n=4j+1\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26709"
},
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"db": "PACKETSTORM",
"id": "162133"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26709",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "162133",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10216",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2021-29840",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-26709",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "45541",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"db": "PACKETSTORM",
"id": "162133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"id": "VAR-202104-1584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
}
]
},
"last_update_date": "2024-05-17T22:55:48.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DSL-320B-D1 buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/259991"
},
{
"title": "D-Link DSL-320B-D1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147012"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/162133/d-link-dsl-320b-d1-pre-authentication-buffer-overflow.html"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10216"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/apr/15"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26709"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/shellcodes/45541"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.as"
},
{
"trust": 0.1,
"url": "https://twitter.com/gm4tr1x"
},
{
"trust": 0.1,
"url": "https://github.com/matrix/"
},
{
"trust": 0.1,
"url": "https://www.linkedin.com/in/gabrielegristina"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-26709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"db": "PACKETSTORM",
"id": "162133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"db": "PACKETSTORM",
"id": "162133"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"date": "2021-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"date": "2021-04-08T14:06:57",
"db": "PACKETSTORM",
"id": "162133"
},
{
"date": "2021-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"date": "2021-04-07T11:15:12.167000",
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29840"
},
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26709"
},
{
"date": "2021-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-430"
},
{
"date": "2024-05-17T01:55:11.953000",
"db": "NVD",
"id": "CVE-2021-26709"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DSL-320B-D1 buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29840"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-430"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.