HomePentest-Tools.com Logo

D-Link Multiple DIR Devices RCE Vulnerability (Feb 2022) CVE-2021-45382

Severity
CVSSv3 Score
9.8
Vulnerability description

Multiple D-Link DIR devices are prone to a remote command execution (RCE) vulnerability.

Risk description

A remote command execution exists via the DDNS function in ncc2 binary file.

Recommendation

No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. Note: Vendor states that all models reached their End-of-Support Date, they are no longer supported, and firmware development has ceased. See vendor advisory for further recommendations.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 17, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available