CVE-2021-45382 Information

Description

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions of D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L and DIR-836L routers via the DDNS function in the ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L and DIR-836L, in all hardware revisions, have reached their End of Life (EOL) / End of Service Life (EOS) life cycle, and as such this issue will not be patched.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264

https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
