CVE-2021-45382
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
17/02/2022
Last modified:
10/11/2025
Description
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-820l_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-820lw_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-820lw:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-826l_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-826l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-830l_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-830l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-836l_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-836l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-810l_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264
- https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-45382