Vulnerabilities > CVE-2021-29296 - NULL Pointer Dereference vulnerability in Dlink Dir-825 Firmware 2.10B02

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dlink

CWE-476

NVD

Published: 2021-08-10

Updated: 2024-11-21

Summary

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 825 Firmware 2.10B02	1
Hardware	Dlink Dlink DIR 825 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
https://www.dlink.com/en/security-bulletin/
https://www.dlink.com/en/security-bulletin/