A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
References
| Link | Resource |
|---|---|
| https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md | Exploit Third Party Advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-78 |
Information
Published : 2022-02-17 21:15
Updated : 2024-02-28 19:09
NVD link : CVE-2021-45382
Mitre link : CVE-2021-45382
CVE.ORG link : CVE-2021-45382
JSON object : View
Products Affected
dlink
- dir-826l
- dir-830l
- dir-810l_firmware
- dir-820l_firmware
- dir-826l_firmware
- dir-820l
- dir-820lw_firmware
- dir-836l_firmware
- dir-820lw
- dir-830l_firmware
- dir-810l
- dir-836l
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')