CVE-2021-28839 - NULL Pointer Dereference vulnerability in D-Link products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
A NULL pointer dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022, in the upload_certificate function of the sbin/httpd binary. When the binary handles a specific HTTP GET request, strrchr in the upload_certificate function is called with NULL as its first argument, which causes a NULL pointer dereference.
References
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
- https://www.dlink.com/en/security-bulletin/