Security for everyone

CVE-2021-45382 Scanner

Detects 'Remote Command Execution (RCE)' vulnerability in D-Link routers affects all H/W revisions of DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Source

-

D-Link routers, including models DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L, are widely used networking devices that provide users with internet access and network connectivity. These routers are designed for both home and small office environments, offering features such as dual-band Wi-Fi, cloud services, and advanced security protocols. They are popular due to their ease of use, reliability, and performance. However, the identified models have reached their End of Life (EOL)/End of Service Life (EOS), meaning they are no longer supported by the manufacturer.

Attackers can exploit this vulnerability by sending a specially crafted POST request to the /ddns_check.ccp endpoint. The request includes a malicious DDNS hostname parameter that injects commands to be executed by the router. Since these routers are no longer supported, they do not receive security updates, making them permanently vulnerable to such attacks.

Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, device manipulation, or being co-opted into botnets. Attackers can potentially redirect traffic, monitor or alter network communications, and launch further attacks against connected devices. The high CVSS score reflects the severity and potential impact of this vulnerability on affected users.

By utilizing the security scanning services provided by securityforeveryone, users can identify vulnerabilities such as the critical RCE flaw in D-Link routers. Our platform's comprehensive approach to cyber threat exposure management helps organizations detect, analyze, and remediate vulnerabilities before they can be exploited. Joining securityforeveryone ensures continuous protection and enhances cybersecurity resilience against evolving threats.

 

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture