Wednesday, 09 July 2025

D-Link issues hotfix for multiple vulnerabilities in DIR-3040 routers

Network equipment vendor D-Link has released a hotfix to address multiple vulnerabilities affecting DIR-3040 routers. An attacker could exploit the flaws to execute malicious code, gain access to sensitive information and even crash the routers.

The list of vulnerabilities discovered by Cisco Talos experts includes:

CVE-2021-21816 - Syslog information disclosure vulnerability;

CVE-2021-21817 - Zebra IP Routing Manager information disclosure vulnerability;

CVE-2021-21818 - Zebra IP Routing Manager hard-coded password vulnerability;

CVE-2021-21819 - Libcli command injection vulnerability;

CVE-2021-21820 - Libcli Test Environment hard-coded password vulnerability.

The CVE-2021-21820 vulnerability could be exploited by sending specially crafted requests to a vulnerable device. The Cisco Talos report recommends installing patch v1.13B03.

Source: anti-malware.ru

27 July 2021
