First published: Wed Apr 27 2022(Updated: )
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-825 Firmware | ||
Dlink Dir-825 | =g1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2021-46442.
The severity of CVE-2021-46442 is critical with a CVSS score of 9.8.
The vulnerability CVE-2021-46442 allows attackers to bypass authentication in the "webupg" binary of D-Link DIR-825 G1 and perform unauthorized actions such as downloading configuration files and updating firmware.
Yes, D-Link DIR-825 G1 firmware is vulnerable to CVE-2021-46442.
To fix the vulnerability CVE-2021-46442, D-Link recommends updating the firmware to the latest version available.