CVE-2021-41441 - OpenCVE

A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-x1860 Dir-x1860 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://d-link.com
http://dir-x1860.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283
https://www.dlink.com/en/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-09T16:55:47

Updated: 2024-08-04T03:15:27.968Z

Reserved: 2021-09-20T00:00:00

Link: CVE-2021-41441

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-09T17:15:08.250

Modified: 2024-02-14T01:17:43.863

Link: CVE-2021-41441

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T16:55:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://d-link.com"}, {"tags": ["x_refsource_MISC"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"tags": ["x_refsource_MISC"], "url": "http://dir-x1860.com"}, {"tags": ["x_refsource_MISC"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41441", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://d-link.com", "refsource": "MISC", "url": "http://d-link.com"}, {"name": "https://www.dlink.com/en/security-bulletin/", "refsource": "MISC", "url": "https://www.dlink.com/en/security-bulletin/"}, {"name": "http://dir-x1860.com", "refsource": "MISC", "url": "http://dir-x1860.com"}, {"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283", "refsource": "MISC", "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:27.968Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://d-link.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dir-x1860.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41441", "datePublished": "2022-02-09T16:55:47", "dateReserved": "2021-09-20T00:00:00", "dateUpdated": "2024-08-04T03:15:27.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F053AF-66B2-49F3-8AD9-3F7107059ECB", "versionEndIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", "matchCriteriaId": "A46288E8-3105-4FAA-80E7-94EECD1764F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot."}, {"lang": "es", "value": "Un ataque de DoS en la aplicaci\u00f3n web de D-Link DIR-X1860 versiones anteriores a v1.10WB09_Beta, permite a un atacante remoto no autenticado reiniciar el router por medio del env\u00edo de una URL especialmente dise\u00f1ada a una v\u00edctima autenticada. La v\u00edctima autenticada debe visitar esta URL para que el router sea reiniciado"}], "id": "CVE-2021-41441", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T17:15:08.250", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://d-link.com"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "URL Repurposed"], "url": "http://dir-x1860.com"}, {"source": "cve@mitre.org", "tags": ["Patch", "Technical Description", "Vendor Advisory"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}]}