D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
References
Link | Resource |
---|---|
https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_2/2.md | Broken Link |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286 | Vendor Advisory |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10287 | Vendor Advisory |
https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_2/2.md | Broken Link |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286 | Vendor Advisory |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10287 | Vendor Advisory |
https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 06:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pjqwudi/my_vuln/blob/main/D-link/vuln_2/2.md - Broken Link | |
References | () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286 - Vendor Advisory | |
References | () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10287 - Vendor Advisory | |
References | () https://www.dlink.com/en/security-bulletin/ - Vendor Advisory |
Information
Published : 2022-02-04 02:15
Updated : 2024-11-21 06:31
NVD link : CVE-2021-44880
Mitre link : CVE-2021-44880
CVE.ORG link : CVE-2021-44880
JSON object : View
Products Affected
dlink
- dir-878
- dir-882_firmware
- dir-878_firmware
- dir-882
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')