CVE-2021-28143

HIGH

D-Link DIR-841 <3.04 - Command Injection

Title source: llm

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

Exploit, Third Party Advisory x_refsource_misc

CVSS v3 8.0

EPSS 0.2313

EPSS Percentile 96.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78

Status published

Products (2)

dlink/dir-841_firmware 3.03

dlink/dir-841_firmware 3.04

Published Mar 11, 2021

Tracked Since Feb 18, 2026