CVE-2021-45382

CRITICAL KEV NUCLEI

Dlink Dir-820l Firmware - OS Command Injection

Title source: rule

Description

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.

Nuclei Templates (1)

D-Link - Remote Command Execution
CRITICALby king-alexander

References (3)

Scores

CVSS v3 9.8
EPSS 0.9423
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-04
VulnCheck KEV 2022-04-01
InTheWild.io 2022-04-03
ENISA EUVD EUVD-2021-32155
CWE
CWE-78
Status published
Products (6)
dlink/dir-810l_firmware
dlink/dir-820l_firmware
dlink/dir-820lw_firmware
dlink/dir-826l_firmware
dlink/dir-830l_firmware
dlink/dir-836l_firmware
Published Feb 17, 2022
KEV Added Apr 04, 2022
Tracked Since Feb 18, 2026