Vulnerabilities > Dlink > DIR 2640 US Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-30 CVE-2021-20132 Use of Hard-coded Credentials vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services.
low complexity
dlink CWE-798
8.8
8.8
2021-12-30 CVE-2021-20134 Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd).
low complexity
dlink CWE-22
8.4
8.4
2021-06-16 CVE-2021-34201 Out-of-bounds Write vulnerability in Dlink Dir-2640-Us Firmware 1.01B04
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow.
local
low complexity
dlink CWE-787
7.1
7.1
2021-06-16 CVE-2021-34203 Insecure Default Initialization of Resource vulnerability in Dlink Dir-2640-Us Firmware 1.01B04
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control.
low complexity
dlink CWE-1188
8.1
8.1
2021-06-16 CVE-2021-34202 Out-of-bounds Write vulnerability in Dlink Dir-2640-Us Firmware 1.01B04
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04.
local
low complexity
dlink CWE-787
7.8
7.8