D-LINK DIR-3040 Libcli test environment hard-coded password vulnerability [CVE-2021-21820]
CVE number – CVE-2021-21820
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Tested Versions
D-LINK DIR-3040 1.13B03
The DIR-3040 is an AC3000-based wireless internet router.
A hidden telnet service can be started without authentication by visiting
https://<router_ip>/start_telnet
Discovered by Dave McDaniel of Cisco Talos.
![D-LINK DIR-3040 Libcli test environment hard-coded password vulnerability [CVE-2021-21820]](https://i0.wp.com/www.systemtek.co.uk/wp-content/uploads/2022/01/blank-profile-hi.png?resize=100%2C100)
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.