D-Link Releases Patch For Hard-coded Password Vulnerabilities

July 19, 2021

D-Link recently released a firmware hotfix for all affected customers on July 15, after fixing the bugs in the DIR-3040 AC3000 wireless internet router.

Vulnerabilities discovered and reported by Cisco Talos security researcher Dave McDaniel could allow an attacker to execute arbitrary code on unpatched routers and gain access to sensitive information upon successful exploitation.

The Zebra IP Routing Manager of the router and the Libcli Environment functionality contains the vulnerabilities CVE-2021-21818 and CVE-2021-2180, which contain hard encrypted passwords and credentials.

Both of these could allow threat actors targeting D-Link DIR-3040 routers to bypass the authentication rules which are configured by the software administrator.

The five vulnerabilities that D-Link is fixing with the hotfix are CVE-2021-21816, CVE-2021-21817, CVE-2021-21818, CVE-2021-21819, and CVE-2021-21820.

For more information, read the original story in Bleeping Computer.

D-Link Releases Patch For Hard-coded Password Vulnerabilities

Top Stories

Meta buys agentic AI startup Manus to boost consumer AI push

AST SpaceMobile launches largest satellite ever, challenging Starlink with direct-to-phone 5G

SoftBank sells remaining Nvidia stake to fund $22.5B OpenAI commitment

What a year this has been.

Top 10 reflections on information technology developments in 2025

Spotify says it has identified account behind mass scraping claimed by pirate group

Related Articles

Over 59,000 Next.js servers hacked in 48 hours in credential-theft campaign

NIST warns of inaccurate internet time after atomic clock disruption

Critical LangChain flaw exposes secrets across millions of AI agent deployments

Facial recognition becomes mandatory for new mobile accounts in South Korea

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered