Login Sign Up

CVE-2021-46229

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-7200GV2.E1 routers via command injection in the usb_paswd.asp function. Attackers can exploit this by manipulating the name parameter to run malicious commands. Organizations using affected D-Link router models are at risk.

💻 Affected Systems

Products:
  • D-Link DI-7200GV2.E1
Versions: v21.04.09E1
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Di 7200gv2 Firmware by Dlink

View all CVEs affecting Di 7200gv2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept traffic, or use the device for botnet activities.

🟠

Likely Case

Attackers gain shell access to execute commands, potentially stealing credentials, modifying configurations, or disrupting network services.

🟢

If Mitigated

Limited impact if device is behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for latest patched version

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284

Restart Required: Yes

Instructions:

1. Access D-Link support site. 2. Download latest firmware for DI-7200GV2.E1. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot device.

🔧 Temporary Workarounds

Disable USB functions

all

If USB features are not needed, disable them to remove attack surface.

Network segmentation

all

Isolate affected routers in separate VLANs with strict firewall rules.

🧯 If You Can't Patch

  • Block external access to router management interface using firewall rules.
  • Implement network monitoring for unusual outbound connections from the router.

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface; if version is v21.04.09E1 or potentially earlier, device is vulnerable.

Check Version:

Log into router web interface and navigate to System Status or similar section to view firmware version.

Verify Fix Applied:

After patching, verify firmware version has changed from v21.04.09E1 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual commands in system logs
  • Multiple failed login attempts to usb_paswd.asp
  • Unexpected process execution

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs

SIEM Query:

source="router_logs" AND ("usb_paswd.asp" OR "command injection")

📊 Metadata

CVE ID: CVE-2021-46229
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77
Published: February 4, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46229, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)