CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-45382

CVSS 9.8v3.1pub. 2022-02-17upd. 2025-11-10

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 810l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 810l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dir 820l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 820l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dir 820lw

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 820lw Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dir 826l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 826l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dir 830l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 830l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dir 836l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 836l Firmware

    OS
    Dlink
    wszystkie wersje

CISA KEV — detailsi

Vendori
D-Link
Producti
Multiple Routers
Added to KEVi
April 4, 2022
Remediation deadline (US Federal)i
April 25, 2022(overdue)
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 25 kwietnia 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-25280CRITICAL9.8⚠ KEVten sam produkt

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...

CVE-2022-26258CRITICAL9.8⚠ KEVten sam produkt

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST t...

CVE-2015-1187CRITICAL9.8⚠ KEVten sam produkt

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the...

CVE-2024-48150CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-820L: stack overflow w funkcji sub_451208

CVE-2024-41610CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-820LW – zakodowane na stałe dane logowania w usłudze Telnet