CVE-2021-46381

HIGH EXPLOITED NUCLEI

D-Link DAP-1620 Firmware - Path Traversal and Unauthorized File Read

Title source: llm

Exploitation Summary

CVE-2021-46381 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Momen Eldawakhly, JCPpeiqi. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in D-Link DAP-1620 A1 v1.01 via a crafted POST request to `apply.cgi`. The `html_response_page` parameter is manipulated to traverse directories and leak the contents of `/etc/passwd`.

Description

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].

Exploits (2)

exploitdb WORKING POC

by Momen Eldawakhly · textremotehardware

https://www.exploit-db.com/exploits/50919

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in D-Link DAP-1620 A1 v1.01 via a crafted POST request to `apply.cgi`. The `html_response_page` parameter is manipulated to traverse directories and leak the contents of `/etc/passwd`.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-Link DAP-1620 A1 v1.01

Auth required

Prerequisites: Network access to the target device · Valid session cookie (ID)

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by JCPpeiqi · remote

https://github.com/JCPpeiqi/-cve-2021-46381

View Code ZIP pw:eip

This PoC exploits an arbitrary file read vulnerability in D-Link DAP-1620 via a path traversal in the `apply.cgi` endpoint. It sends a crafted POST request to read files from the device's filesystem.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-Link DAP-1620

No auth needed

Prerequisites: Network access to the target device · The `apply.cgi` endpoint must be accessible

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

D-Link DAP-1620 - Local File Inclusion

HIGHby 0x_Akoko

References (3)

Core 3

Core References

Not Applicable, Vendor Advisory x_refsource_misc

https://www.dlink.com/en/security-bulletin/

Exploit, Third Party Advisory x_refsource_misc

https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.html

Scores

CVSS v3 7.5

EPSS 0.5798

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-22

Status published

Products (1)

dlink/dap-1620_firmware

Published Mar 04, 2022

Tracked Since Feb 18, 2026