CVE-2021-46379

MEDIUM EXPLOITED NUCLEI

DLink DIR850 ET850-1.08TRb03 - Open Redirect

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-46379 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Ahmed Alroky. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an open redirect vulnerability in D-Link DIR850 routers. By crafting a malicious URL with a 'redirect-url' parameter, an attacker can redirect users to an arbitrary domain.

Description

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.

Exploits (1)

exploitdb WORKING POC
by Ahmed Alroky · textremotehardware
https://www.exploit-db.com/exploits/50907

This exploit demonstrates an open redirect vulnerability in D-Link DIR850 routers. By crafting a malicious URL with a 'redirect-url' parameter, an attacker can redirect users to an arbitrary domain.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR850 with firmware ET850-1.08TRb03
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

D-Link DIR850 ET850-1.08TRb03 - Open Redirect
MEDIUMVERIFIEDby 0x_Akoko

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/167041/DLINK-DIR850-Open-Redirection.html

Scores

CVSS v3 6.1
EPSS 0.1570
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22
CWE
CWE-601
Status published
Products (1)
dlink/dir-850l_firmware 1.08trb03
Published Mar 04, 2022
Tracked Since Feb 18, 2026