PT-2021-17769 · D Link · D-Link Dir-841

Vitor Esperança

Published

2021-03-11

Updated

2021-04-23

CVE-2021-28143

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: D-Link DIR-841 versions 3.03 through 3.04

Description: The issue allows authenticated command injection via ping, ping6, or traceroute under System Tools, specifically affecting the /jsonrpc endpoint.

Recommendations: For versions 3.03 and 3.04, consider disabling the System Tools feature or restricting access to the /jsonrpc endpoint until a patch is available. As a temporary workaround, avoid using the ping, ping6, or traceroute commands under System Tools to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-28143

Affected Products

D-Link Dir-841

PT-2021-17769 · D Link · D-Link Dir-841

CVE-2021-28143

Weakness Enumeration

Related Identifiers

Affected Products

References · 5