CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-29296

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
https://www.dlink.com/en/security-bulletin/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
https://www.dlink.com/en/security-bulletin/

Products affected by CVE-2021-29296

Dlink » Dir-825 » Version: N/A

cpe:2.3:h:dlink:dir-825:-
Dlink » Dir-825 Firmware » Version: 2.10b02

cpe:2.3:o:dlink:dir-825_firmware:2.10b02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29296

Products

Pricing

Contact Us