CISA adds CVE-2021-45382 vulnerability to exploited catalog
The Cybersecurity and Infrastructure Security Agency (CISA) recently published a new report adding CVE-2021-45382 to its catalog of known exploited vulnerabilities. CVE-2021-45382 is a Remote Code Execution (RCE) vulnerability affecting all D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L series.
Affected files are the sections of the ncc2 binary file on these devices that are associated with DDNS capabilities, which are called when queried and can be used to interrogate a given device for information, as well as enable diagnostic services on demand. The ncc2 service on the affected devices allows for basic firmware and language file upgrades via the web interface. This allows attackers to inject malicious code to gain full access.
CISA stated that CVE-2021-45382 is a critical security vulnerability due to the end-of-life (EOL) of affected products. Last updated on December 19, 2021, and unlikely to be patched by D-Link, consumers and businesses are advised to retire this line of D-Link routers.
At present, there are relevant codes on GitHub, which makes these routers more likely to be attacked. The D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L series were released between 2012 and 2014. In addition to the D-Link routers, the US Cybersecurity and Infrastructure Security Agency recently made similar recommendations for the Netgear DGN2200, D-Link DIR-610, and DIR-645 routers.
