CVE-2021-44880: Command Injection
First published: Fri Feb 04 2022(Updated: )
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-878 Firmware | <=1.20b05 | |
| Dlink Dir-878 Firmware | =1.30b08-hotfix_02_beta | |
| Dlink Dir-878 | ||
| Dlink Dir-882 Firmware | <=1.30b06 | |
| Dlink Dir-882 Firmware | =1.30b06-hotfix_02_beta | |
| Dlink Dir-882 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44880?
CVE-2021-44880 is a command injection vulnerability affecting D-Link devices DIR-878 and DIR-882.
What is the severity of CVE-2021-44880?
CVE-2021-44880 has a severity rating of 9.8, which is considered critical.
How does CVE-2021-44880 work?
CVE-2021-44880 allows attackers to execute arbitrary commands by sending a crafted HNAP1 POST request to the affected D-Link devices.
Which D-Link devices are affected by CVE-2021-44880?
D-Link devices DIR-878 (firmware versions up to 1.30B08_Hotfix_02) and DIR-882 (firmware versions up to 1.30B06_Hotfix_02) are affected by CVE-2021-44880.
How can I mitigate CVE-2021-44880?
To mitigate CVE-2021-44880, it is recommended to update the firmware on the affected D-Link devices to the latest patched version.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/dlink
- canonical/dlink dir-878 firmware
- version/dlink dir-878 firmware/1.20b05
- version/dlink dir-878 firmware/1.30b08-hotfix_02_beta
- canonical/dlink dir-878
- canonical/dlink dir-882 firmware
- version/dlink dir-882 firmware/1.30b06
- version/dlink dir-882 firmware/1.30b06-hotfix_02_beta
- canonical/dlink dir-882