CVE-2021-45382

CVE Database · CVE-2021-45382

CVE-2021-45382

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

97.84%

Published

Feb 17, 2022

Modified

Nov 10, 2025

CISA Known Exploited Vulnerability

Added: 2022-04-04 · Due: 2022-04-25

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (12)

dlink · dir-820l_firmwarevulnerable

dlink · dir-820l

dlink · dir-820lw_firmwarevulnerable

dlink · dir-820lw

dlink · dir-826l_firmwarevulnerable

dlink · dir-826l

dlink · dir-830l_firmwarevulnerable