D-Link · D-Link DIR-841 · CVE-2021-28143
Name of the Vulnerable Software and Affected Versions:
D-Link DIR-841 versions 3.03 through 3.04
Description:
An authenticated user can inject commands through the `ping`, `ping6`, or `traceroute` functions under System Tools. The affected endpoint is `/jsonrpc`.
Recommendations:
For versions 3.03 and 3.04, consider disabling the System Tools feature or restricting access to the `/jsonrpc` endpoint until a patch is available.
As a temporary workaround, avoid using the `ping`, `ping6`, or `traceroute` commands under System Tools to minimize the risk of exploitation.