First published: Fri Feb 04 2022(Updated: )
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-878 Firmware | <=1.20b05 | |
Dlink Dir-878 Firmware | =1.30b08-hotfix_02_beta | |
Dlink Dir-878 | ||
Dlink Dir-882 Firmware | <=1.30b06 | |
Dlink Dir-882 Firmware | =1.30b06-hotfix_02_beta | |
Dlink Dir-882 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44880 is a command injection vulnerability affecting D-Link devices DIR-878 and DIR-882.
CVE-2021-44880 has a severity rating of 9.8, which is considered critical.
CVE-2021-44880 allows attackers to execute arbitrary commands by sending a crafted HNAP1 POST request to the affected D-Link devices.
D-Link devices DIR-878 (firmware versions up to 1.30B08_Hotfix_02) and DIR-882 (firmware versions up to 1.30B06_Hotfix_02) are affected by CVE-2021-44880.
To mitigate CVE-2021-44880, it is recommended to update the firmware on the affected D-Link devices to the latest patched version.