CVE-2021-40655

CVSS 7.5 HIGH · EPSS 87.0% · KEV · CWE-863
In short

The D-Link DIR-605 B2 router allows attackers to steal usernames and passwords by sending a forged request to a specific page on its web interface. This is critical because the stolen credentials give attackers full control of your router.

Technical detail

An authentication bypass vulnerability in D-Link DIR-605 B2 (firmware 2.01MT) allows unauthenticated attackers to retrieve sensitive configuration data including credentials via a forged POST request to /getcfg.php. The vulnerability requires network access to the router's web interface but no prior authentication, leading to complete credential compromise and device takeover.

Summary generated and translated by AI from the official description.
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version: 2.01MT. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
