CVE-2021-45382 D-Link CVE debrief

Who should care

Organizations that still operate or expose D-Link Multiple Routers, especially if the devices are end-of-life, internet-facing, or used in small-office or branch environments where replacement may have been delayed.

Technical summary

The supplied record identifies CVE-2021-45382 as a remote code execution issue in D-Link Multiple Routers. The CISA KEV entry classifies the impacted product as end-of-life and recommends disconnecting it if it remains deployed. No CVSS score was provided in the supplied corpus.

Defensive priority

High. Presence in CISA KEV and the end-of-life status of the affected product make this an urgent remediation item, with disconnect or replacement preferred over waiting for a patch.

Recommended defensive actions

• Inventory all D-Link Multiple Routers in your environment, including shadow IT and branch-office deployments.
• If the affected devices are still in use and cannot be immediately replaced, disconnect them from networks where they are not strictly required.
• Replace end-of-life D-Link routers with supported hardware and firmware.
• Remove any unnecessary internet exposure or remote administration paths while migration is underway.
• Segment networks so legacy devices cannot directly access sensitive assets.
• Review logs and alerting around the affected devices for signs of unexpected administration or compromise.

Evidence notes

This debrief is based on the supplied CVE metadata and the CISA KEV source item. The source item explicitly states the impacted product is end-of-life and should be disconnected if still in use. The CVE title and description identify the issue as a remote code execution vulnerability. No additional technical details or CVSS score were provided in the corpus.

Official resources