External risk intelligence

D-Link Router Information Disclosure Vulnerability.

CVE advisoryKnown Exploit

CVE-2021-40655

Certain D-Link router firmware can expose user credentials through a forged request, potentially leading to unauthorized network access and data compromise. The realistic business risk involves credential theft from a network gateway device. Organizations should identify and replace affected, end-of-life hardware.

5Halo Surface Signal

Dlink Dir 605l Firmware

2.01mt

External exposure likelihood

Halo Surface Signal score for CVE-2021-40655

The affected product is a consumer router. These devices are designed to serve as internet edge gateways, and the vulnerable endpoint is a network-accessible administrative interface that is typically reachable over the internet or the local network segment by design.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Horizon Alert

Summary of the vulnerability and why it matters

Certain D-Link router firmware can expose user credentials. A flaw in the system allows unauthorized parties to gain access to a username and password. This could lead to the compromise of network access and sensitive information.

  • Vulnerable router firmware
  • Credentials exposed via forged request
  • Potential network and data compromise.

Attack Path

How an attacker could exploit the issue

The vulnerability allows an attacker to obtain user credentials by sending a forged request to a specific page on the affected device. This exposure leads to unauthorized access to sensitive information. The attacker then leverages this access to potentially gain further control over the system or use the credentials for malicious purposes.

  • Exposure via a network-accessible page.
  • Attacker sends forged POST request.
  • Attacker obtains username and password.

Live Threat

Current exploitation, exposure, and threat context

An information disclosure vulnerability in certain D-Link router firmware could allow unauthorized access to user credentials. Attackers can exploit this by sending a forged request to a specific page on the device. This could lead to the compromise of network access and sensitive information. Given the potential for credential theft and the device's role as a network gateway, this poses a significant business risk.

  • Likely attacker skill: Low
  • Required access: Network access
  • Business risk: High urgency

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability allows an attacker to obtain user credentials by sending a forged request to a specific device page. This could grant unauthorized access to network configurations and potentially other sensitive information. Organizations should investigate their inventory to determine if this specific D-Link router model is in use, especially in environments with external access.

  • Find affected D-Link router assets.
  • Restrict network access to the device.
  • Replace the device due to end-of-life.

Frequently asked questions

What type of vulnerability affects D-Link DIR-605 B2 firmware version 2.01MT?

An information disclosure vulnerability exists in D-LINK-DIR-605 B2 Firmware Version 2.01MT. This flaw allows an attacker to obtain a user name and password.

How can an attacker exploit the D-Link DIR-605 B2 firmware vulnerability?

An attacker can exploit this vulnerability by forging a POST request to the /getcfg.php page on the affected D-Link DIR-605 B2 router. This action allows them to obtain a user's username and password.

What is the weakness class for CVE-2021-40655, and what is its relevance?

The weakness class for CVE-2021-40655 is CWE-863. This vulnerability is relevant because it allows attackers to obtain user credentials, potentially leading to unauthorized network access and sensitive data compromise. The Halo Surface Signal score indicates it is 'Very likely' to be exploited due to the product's role as an internet edge gateway.

What is the practical response recommended for the D-Link DIR-605 L vulnerability?

The recommended practical response is to identify any affected D-Link DIR-605 L router assets within your inventory. Due to these devices being end-of-life or end-of-service, they should be retired and replaced according to vendor instructions.

What are the potential impacts of the D-Link DIR-605 L information disclosure vulnerability?

The primary impact of this vulnerability is the unauthorized disclosure of user credentials, specifically a username and password. This could lead to a compromise of network access and sensitive information, posing a significant business risk due to the device's function as a network gateway.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified