10
CVE-2021-45382
- EPSS 94.23%
- Published 17.02.2022 21:15:07
- Last modified 03.04.2025 19:48:43
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.Data is provided by the National Vulnerability Database (NVD)
Dlink ≫ Dir-820l Firmware Version-
Dlink ≫ Dir-820lw Firmware Version-
Dlink ≫ Dir-826l Firmware Version-
Dlink ≫ Dir-830l Firmware Version-
Dlink ≫ Dir-836l Firmware Version-
Dlink ≫ Dir-810l Firmware Version-
04.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
D-Link Multiple Routers Remote Code Execution Vulnerability
VulnerabilityA remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.
DescriptionThe impacted product is end-of-life and should be disconnected if still in use.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.23% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.