Buffer Overflow Vulnerability in DD-WRT UPNP Service Affects Remote Device Security
CVE-2021-47854

8.7HIGH

Key Information:

Vendor

Embedd Gmbh

Status
Dd-wrt
Vendor
CVE Published:
21 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-47854?

The vulnerability in DD-WRT version 45723 arises from a buffer overflow in the UPNP network discovery service. This flaw allows remote attackers to send specially crafted M-SEARCH packets containing oversized UUID payloads, potentially enabling the execution of arbitrary code on the affected device. The issue poses significant risks as it can lead to unauthorized access and manipulation of network settings.

Affected Version(s)

DD-WRT 45723

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47854 - Proof of Concept

References

https://www.exploit-db.com/exploits/49730
exploit
https://dd-wrt.com/
product
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/
product

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Selim Enes 'Enesdex' Karaduman
JSON
.