D-Link - Information Disclosure (CVE-2021-40655)
334Exploiting IPs reported
An informtion disclosure issue exists in D-Link product running the D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CrowdSec analysis
CVE-2021-40655 is a vulnerability affecting certain D-Link products, where information disclosure can occur if a remote attacker forges requests to a specific configuration page.
CrowdSec has been tracking this vulnerability and its exploits since 10th of March 2025.
CrowdSec network data shows that most actors exploiting CVE-2021-40655 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2021-40655 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2021-40655 is currently experiencing high visibility and active exploitation across the internet.
Attackers typically attempt to exploit this issue by making requests to endpoints ending with /getcfg.php.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.