CVE-2021-45382
CRITICAL KEV NUCLEID-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L - Remote Code Execution via DDNS Function
Title source: llmExploitation Summary
CVE-2021-45382 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 4, 2022. A Nuclei detection template is also available.
Description
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
Nuclei Templates (1)
D-Link - Remote Command Execution
CRITICALby king-alexander
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264
Exploit, Third Party Advisory x_refsource_misc
https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-45382
Scores
CVSS v3
9.8
EPSS
0.9435
EPSS Percentile
100.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2022-04-04
VulnCheck KEV
2022-04-01
InTheWild.io
2022-04-03
ENISA EUVD
EUVD-2021-32155
CWE
CWE-78
Status
published
Products (6)
dlink/dir-810l_firmware
dlink/dir-820l_firmware
dlink/dir-820lw_firmware
dlink/dir-826l_firmware
dlink/dir-830l_firmware
dlink/dir-836l_firmware
Published
Feb 17, 2022
KEV Added
Apr 04, 2022
Tracked Since
Feb 18, 2026