CVE-2021-28839
moderate-risk
Published 2021-08-10
A Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of the sbin/httpd binary. When the binary handles a specific HTTP GET request, strrchr in the upload_certificate function is called with NULL as its first argument, causing a NULL pointer dereference.
Do I need to act?
0.56% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 (High), attack vector NETWORK / LOW complexity
Affected Products (9)
Dap-2310 Firmware
Dap-2330 Firmware
Dap-2360 Firmware
Dap-2553 Firmware
Dap-2660 Firmware
Dap-2690 Firmware
Dap-2695 Firmware
Dap-3320 Firmware
Dap-3662 Firmware
Affected Vendors
D-Link
References (6)
Third Party Advisory
https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Risk score: 43 / 100 (moderate-risk)
Severity: 26/34 · High
Exploitability: 2/34 · Minimal
Exposure: 15/34 · Moderate