Dave McDaniel discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router.

The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code. TALOS-2021-1281 (CVE-2021-21816) and TALOS-2021-1282 (CVE-2021-21817) are information disclosure vulnerabilities in the router that could be triggered by a specially crafted network request. An attacker could exploit these vulnerabilities to view the device’s system log.

TALOS-2021-1283 (CVE-2021-21818) and TALOS-2021-1285 (CVE-2021-21820) are both hardcoded password vulnerabilities. However, TALOS-2021-1283 could cause a denial of service, while TALOS-2021-1285 could allow an attacker to execute code on the router.

An adversary could also gain the ability to execute code by exploiting TALOS-2021-1284 (CVE-2021-21819) after sending the target a sequence of requests.

Cisco Talos worked with D-LINK to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: D-LINK DIR-3040 router, version 1.13B03. Talos tested and confirmed these versions of the DIR-3040 could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 57475 - 57478. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.