Vulnerabilities > CVE-2021-29295 - NULL Pointer Dereference vulnerability in Dlink Dsp-W215 Firmware 1.10

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dlink

CWE-476

NVD

Published: 2021-08-10

Updated: 2024-04-11

Summary

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DSP W215 Firmware 1.10	1
Hardware	Dlink Dlink DSP W215 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.dlink.com/en/security-bulletin/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10211