CVE-2021-46442

Published April 27th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.

t0ptop/D-Link-DIR-825

D-Link DIR-825 have an unauthorized command injection vulnerability.

GitHub