CVE-2021-46442
CVE-2021-46442 is a critical-severity vulnerability in Dlink Dir-825 Firmware with a CVSS 3.x base score of 9.8. Its EPSS exploit-prediction score of 55% places it in the 99th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- CVSS v2: 7.5
- EPSS exploit prediction: 55% (99th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Dlink Dir-825 Firmware
- Published:
- Last modified:
Description
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
Frequently asked questions
- What is CVE-2021-46442?
- In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
- How severe is CVE-2021-46442?
- CVE-2021-46442 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2021-46442 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 55% (99th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-46442?
- CVE-2021-46442 affects Dlink Dir-825 Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2021-46442?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2021-46442 published?
- CVE-2021-46442 was published on 2022-04-27 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:dlink:dir-825_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Dlink Dir-825 Firmware
- CVE-2025-7206 — Critical (CVSS 9.8): A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the…
- CVE-2022-47035 — Critical (CVSS 9.8): Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary…
- CVE-2019-16920 — Critical (CVSS 9.8): Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The…
- CVE-2026-7068 — High (CVSS 8.8): A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c…
- CVE-2025-10666 — High (CVSS 8.8): A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function…
- CVE-2025-10034 — High (CVSS 8.8): A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file…