How severe is CVE-2021-20133?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-20133?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-20133

MEDIUM Year: 2021

CVSS v3 Score

6.1

Medium

CVSS v2 Score

7.1

High

Weakness Type

CWE-22

View all →

Vulnerability Description

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd).

CVE-2023-2745

MEDIUM

CVSS:6.1(Medium)

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation f...

CWE-222023

CVE-2016-7116

MEDIUM

CVSS:6.0(Medium)

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified st...

CWE-222016

CVE-2017-8189

MEDIUM

CVSS:6.0(Medium)

FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files...

CWE-222017

CVE-2021-21908

MEDIUM

CVSS:6.0(Medium)

Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed...

CWE-222021

CVE-2021-21909

MEDIUM

CVSS:6.0(Medium)

Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability

CWE-222021

CVE-2023-33310

MEDIUM

CVSS:6.0(Medium)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n...

CWE-222023

CVE-2021-20133

Vulnerability Description

Related Vulnerabilities

CVE-2023-2745

CVE-2016-7116

CVE-2017-8189

CVE-2021-21908

CVE-2021-21909

CVE-2023-33310