CVE-2021-45382 – D-Link Multiple Routers Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-45382

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched. Se presenta una vulnerabilidad de Ejecución de Comandos Remota (RCE) en todas las revisiones H/W de la serie de routers D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L y DIR-836L por medio de la función DDNS en el archivo binario ncc2. Nota: Los DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, todas las revisiones de hardware, han llegado al final de su vida útil ("EOL") / fin de la vida útil ("EOS") y, por lo tanto, este problema no será parcheado A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. • https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •