CVE-2021-45382

critical-risk

Published 2022-02-17

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.

Do I need to act?

94.2% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Dir-820L Firmware

Dir-820Lw Firmware

Dir-826L Firmware

Dir-830L Firmware

Dir-836L Firmware

Dir-810L Firmware

Affected Vendors

Dlink

References (5)

Exploit https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command...

Vendor Advisory https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1...

Exploit https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command...

Vendor Advisory https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 13/34 · Low