Home > Cyber News > Disconnect D-Link Routers Vulnerable to CVE-2021-45382
CYBER NEWS

Disconnect D-Link Routers Vulnerable to CVE-2021-45382

Disconnect D-Link Routers Vulnerable to CVE-2021-45382

CVE-2021-45382 is a Remote Code Execution (RCE) vulnerability in D-Link routers. More specifically, all series of H/W revisions D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file, are affected, according to the official CVE advisory.




More about CVE-2021-45382

However, instead of patching the vulnerability, D-Link is advising users to disconnect them, because the models are reaching their end-of-life (EOL) point.

D-Link says that the affected models that have reached EOL are the following: DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L all series, plus all hardware revisions. The last update was released on December 19, 2021.

The vulnerability stems from the so-called Dynamic Domain Name System, shortly DDNS, which allows systems to overcome issues related to Dynamic IP Addresses.

As for the ncc2 service, it could enable basic firmware and language file upgrades on affected models using the web interface. The service on the said routers had been shipped with a number of diagnostic hooks available, making it possible to be called without authentication.

Cybersecurity and Infrastructure Security Agency, shortly known as CISA, has added the CVE-2021-45382 vulnerability to its catalog of exploited bugs. If you are an owner of a vulnerable D-Link router of the said models, you are strongly advised to disconnect the device and replace it with a supported one. It is not safe to use a device that has reached its end-of-life capacity.

“If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it,” D-Link noted.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree