CVE-2021-46378

HIGH

DLink DIR850 ET850-1.08TRb03 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-46378. PoCs published by Ahmed Alroky.

AI-analyzed exploit summary This exploit leverages an insecure access control vulnerability in D-Link DIR850 routers, allowing unauthorized access to the configuration file via a direct HTTP request to `/config.dat`.

Description

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.

Exploits (1)

exploitdb WORKING POC

by Ahmed Alroky · textremotehardware

https://www.exploit-db.com/exploits/50906

View Code ZIP pw:eip

This exploit leverages an insecure access control vulnerability in D-Link DIR850 routers, allowing unauthorized access to the configuration file via a direct HTTP request to `/config.dat`.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR850 firmware ET850-1.08TRb03

No auth needed

Prerequisites: network access to the target device

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.dlink.com/en/security-bulletin/

Exploit, Third Party Advisory x_refsource_misc

https://drive.google.com/file/d/1S69wOovVa8NRVUXcB0PkVvZHFxREcD4Y/view?usp=sharing

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167042/DLINK-DIR850-Insecure-Direct-Object-Reference.html

Scores

CVSS v3 7.5

EPSS 0.3320

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-425

Status published

Products (1)

dlink/dir-850l_firmware 1.08trb03

Published Mar 04, 2022

Tracked Since Feb 18, 2026