CVE-2021-46381
CVE-2021-46381
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 58.0%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
04 Mar 2022Published on NVD
11 May 2022Public PoC
Weaponization speed
67 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/JCPpeiqi/-cve-2021-46381★ 0cve_referencepacketstormsecurity.com/files/167070/DLINK-DAP-1620-A1-1.01-Directory-Traversal.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50919unverifiedvulncheckvulncheck.com/xdb/e97aced1b854unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.