CVE-2021-40655

CVE Database · CVE-2021-40655

CVE-2021-40655

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

87.04%

Published

Sep 24, 2021

Modified

Nov 10, 2025

CISA Known Exploited Vulnerability

Added: 2024-05-16 · Due: 2024-06-06

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-863CWE-863

Affected Products (2)

dlink · dir-605l_firmwarevulnerable

dlink · dir-605l

References (5)

https://github.com/Ilovewomen/D-LINK-DIR-605/

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Vendor Advisory