CVE-2021-45382
D-Link Multiple Routers Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
Se presenta una vulnerabilidad de Ejecución de Comandos Remota (RCE) en todas las revisiones H/W de la serie de routers D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L y DIR-836L por medio de la función DDNS en el archivo binario ncc2. Nota: Los DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, todas las revisiones de hardware, han llegado al final de su vida útil ("EOL") / fin de la vida útil ("EOS") y, por lo tanto, este problema no será parcheado
A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-20 CVE Reserved
- 2022-02-17 CVE Published
- 2022-04-04 Exploited in Wild
- 2022-04-25 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-02 EPSS Updated
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dlink Search vendor "Dlink" | Dir-820l Firmware Search vendor "Dlink" for product "Dir-820l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-820l Search vendor "Dlink" for product "Dir-820l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-820lw Firmware Search vendor "Dlink" for product "Dir-820lw Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-820lw Search vendor "Dlink" for product "Dir-820lw" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-826l Firmware Search vendor "Dlink" for product "Dir-826l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-826l Search vendor "Dlink" for product "Dir-826l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-830l Firmware Search vendor "Dlink" for product "Dir-830l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-830l Search vendor "Dlink" for product "Dir-830l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-836l Firmware Search vendor "Dlink" for product "Dir-836l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-836l Search vendor "Dlink" for product "Dir-836l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-810l Firmware Search vendor "Dlink" for product "Dir-810l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-810l Search vendor "Dlink" for product "Dir-810l" | - | - |
Safe
|