Vulnerabilities > CVE-2021-28838 - NULL Pointer Dereference vulnerability in Dlink products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
- https://www.dlink.com/en/security-bulletin/
- https://www.dlink.com/en/security-bulletin/