Home / Vulnerabilities / CVE-2021-40655
HIGH SEVERITY
CVE-2021-40655 D-Link · DIR-605 Router

D-Link DIR-605 Router Information Disclosure Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.5 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation Likelihood

EPSS Prediction

92.87 %
Predictive Probability
Percentile Rank
99.8 th

Documented as more likely to be exploited than 99.8% of known CVEs.

Detection Date

May 16, 2024

Remediation Due

Jun 06, 2024

CISA Catalog Active

Threat Analysis

D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.

Remediation Directive

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

External Intelligence

https://legacy.us.dlink.com/pages/product.aspx?id=2b09e95d90ff4cb38830ecc04c89cee5

https://legacy.us.dlink.com/pages/product.aspx?id=2b09e95d90ff4cb38830ecc04c89cee5
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2021-40655