Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/04/2021 Updated: 17/05/2024

CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 517

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

An issue exists on D-Link DIR-802 A1 devices up to and including 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-802_firmware

CWE-78 https://www.dlink.com/en/security-bulletin/https://cool-y.github.io/2021/03/02/DIR-802-OS-Command-Injection https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10206 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-29379

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect