D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-23T21:21:47

Updated: 2024-08-04T02:13:37.241Z

Reserved: 2021-08-23T00:00:00

Link: CVE-2021-39615

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-23T22:15:28.937

Modified: 2024-08-04T03:15:16.023

Link: CVE-2021-39615

cve-icon Redhat

No data.