CVE-2021-21913 CRITICAL

CVE-2021-21913

Vendor N/A
Product D-Link
Weakness CWE-798 · Hardcoded credentials
Published September 23, 2021
Last update August 3, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.

Key dates

02Disclosure timeline

September 23, 2021 CVE published
August 3, 2024 Record updated