CVE-2021-29379

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
12/04/2021
Last modified:
03/08/2024

Description

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:dlink:dir-802_firmware:*:*:*:*:*:*:*:* 1.00b05 (including)
cpe:2.3:h:dlink:dir-802:a1:*:*:*:*:*:*:*