Vulnerability Details CVE-2021-33259
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://d-link.com
- http://dir-868lw.com
- https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md
- https://www.dlink.com/en/security-bulletin/
- http://d-link.com
- http://dir-868lw.com
- https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md
- https://www.dlink.com/en/security-bulletin/
Products affected by CVE-2021-33259
-
cpe:2.3:h:dlink:dir-868lw:-
-
cpe:2.3:o:d-link:dir-868lw_firmware:1.12b