CVE-2021-45382 is a Remote Code Execution (RCE) vulnerability in D-Link routers. More specifically, all series of H/W revisions D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file, are affected, according to the official CVE advisory.
More about CVE-2021-45382
However, instead of patching the vulnerability, D-Link is advising users to disconnect them, because the models are reaching their end-of-life (EOL) point.
D-Link says that the affected models that have reached EOL are the following: DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L all series, plus all hardware revisions. The last update was released on December 19, 2021.
The vulnerability stems from the so-called Dynamic Domain Name System, shortly DDNS, which allows systems to overcome issues related to Dynamic IP Addresses.
As for the ncc2 service, it could enable basic firmware and language file upgrades on affected models using the web interface. The service on the said routers had been shipped with a number of diagnostic hooks available, making it possible to be called without authentication.
Cybersecurity and Infrastructure Security Agency, shortly known as CISA, has added the CVE-2021-45382 vulnerability to its catalog of exploited bugs. If you are an owner of a vulnerable D-Link router of the said models, you are strongly advised to disconnect the device and replace it with a supported one. It is not safe to use a device that has reached its end-of-life capacity.
“If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it,” D-Link noted.