2021-28838 | D-Link DAP-3662 httpd atoi null pointer dereference
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
3.4 | $0-$5k | 0.39 |
A vulnerability classified as problematic has been found in D-Link DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690, DAP-2695, DAP-3320 and DAP-3662. It affects the function atoi of the component httpd. Manipulation with an unknown input leads to a denial of service. The weakness is categorized as CWE-476 (NULL pointer dereference). Availability is impacted. The summary by CVE is:
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi` operation when a specific network package is sent to the httpd binary.
The weakness was disclosed on 08/11/2021. The advisory is shared at github.com. The vulnerability has been identified as CVE-2021-28838 since 03/19/2021. The attack must be carried out from within the local network, and simple authentication is required for exploitation. Technical details are known, but no exploit is available. The price for an exploit is estimated at around USD $0-$5k at the moment (estimate calculated on 08/15/2021).
No information about possible countermeasures is known. It may be advisable to replace the affected product with an alternative.
VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4
VulDB Base Score: 3.5
VulDB Temp Score: 3.4
Class: Denial of service
CWE: CWE-476
ATT&CK: Unknown
Local: No
Remote: Partially
Status: Not defined
Recommended: no mitigation known
03/19/2021 CVE assigned
08/11/2021 Advisory disclosed
08/11/2021 VulDB entry created
08/15/2021 VulDB last update
Vendor: https://www.dlink.com/
Advisory: github.com
Status: Not defined
CVE: CVE-2021-28838
Created: 08/11/2021 12:18
Updated: 08/15/2021 14:49
Changes: (2) source_cve_assigned source_cve_nvd_summary