Home > Cyber News > Disconnect D-Link Routers Vulnerable to CVE-2021-45382
CYBER NEWS

Disconnect D-Link Routers Vulnerable to CVE-2021-45382

by   |  Last Update:  |  0 Comments  

Disconnect D-Link Routers Vulnerable to CVE-2021-45382

CVE-2021-45382 is a Remote Code Execution (RCE) vulnerability in D-Link routers. More specifically, all series of H/W revisions D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file, are affected, according to the official CVE advisory.




More about CVE-2021-45382

However, instead of patching the vulnerability, D-Link is advising users to disconnect them, because the models are reaching their end-of-life (EOL) point.

D-Link says that the affected models that have reached EOL are the following: DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L all series, plus all hardware revisions. The last update was released on December 19, 2021.

The vulnerability stems from the so-called Dynamic Domain Name System, shortly DDNS, which allows systems to overcome issues related to Dynamic IP Addresses.

As for the ncc2 service, it could enable basic firmware and language file upgrades on affected models using the web interface. The service on the said routers had been shipped with a number of diagnostic hooks available, making it possible to be called without authentication.

Cybersecurity and Infrastructure Security Agency, shortly known as CISA, has added the CVE-2021-45382 vulnerability to its catalog of exploited bugs. If you are an owner of a vulnerable D-Link router of the said models, you are strongly advised to disconnect the device and replace it with a supported one. It is not safe to use a device that has reached its end-of-life capacity.

“If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it,” D-Link noted.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. CVE-2021-1609 and CVE-2021-1610 in Cisco Small Busines Routers, Patch Now Cisco released patches to fix several critical security vulnerabilities in...
  3. Medtronic Defibrillators Vulnerable (CVE-2019-6538, CVE-2019-6540) A number of heart defibrillators are vulnerable to severe, life-threatening...
  4. CVE-2021-20090 in Routers with Arcadyan Firmware Exploited in the Wild A recently disclosed vulnerability in routers running Arcadyan firmware is...
  5. Which Are the Most Secure Routers in 2017 *The data in this table may update every week because...
  6. Netgear Routers Vulnerable to Remote Access Attacks Netgear routers are currently endangered by serious security loopholes just...
  7. The Most Exploited Vulnerabilities in 2021 Include CVE-2021-44228, CVE-2021-26084 Which were the most routinely exploited security vulnerabilities in 2021?...
  8. TP-Link SR20 Smart Home Routers Contain Zero-Day Flaw Google security researcher Matthew Garrett discovered a zero-day vulnerability in...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree