Dave McDaniel of Cisco Talos discovered this vulnerability.

Cisco Talos recently discovered an exploitable information disclosure vulnerability in the D-LINK DIR-3040 smart WiFi mesh router that could allow an adversary to eventually turn off the device or remove other connected devices from the mesh network.

The DIR-3040 is an AC3000-based wireless internet router that creates a mesh network for the user, allowing them to connect multiple devices in their environment, oftentimes at home. TALOS-2021-1361 (CVE-2021-21913) is a vulnerability that an attacker could trigger with a specially crafted network request. Eventually, the attacker could view sensitive information in the MQTT service, including the root password of the primary device.

Then, they could push the appropriate payloads to execute remote code on the targeted device, potentially allowing them to reboot any device on the mesh network or remove devices from the mesh completely.

Cisco Talos worked with D-LINK to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: D-LINK DIR-3040 router, version 1.13B03. Talos tested and confirmed these versions of the library could be exploited by this vulnerability.

The following SNORTⓇ rule will detect exploitation attempts against this vulnerability: 58104. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.