VYPR

DIR-846W

by Dlink

CVEs (19)

  • CVE-2023-33735CriMay 31, 2023
    risk 0.66cvss 9.8epss 0.33

    D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.

  • CVE-2021-46314CriFeb 17, 2022
    risk 0.66cvss 9.8epss 0.33

    A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable…

  • CVE-2022-46642CriDec 23, 2022
    risk 0.65cvss 9.9epss 0.03

    D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

  • CVE-2022-46641CriDec 23, 2022
    risk 0.65cvss 9.9epss 0.03

    D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

  • CVE-2020-27600CriApr 2, 2021
    risk 0.65cvss 9.8epss 0.14

    HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.

  • CVE-2024-44342CriAug 27, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.

  • CVE-2024-44341CriAug 27, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

  • CVE-2024-41622CriAug 27, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.

  • CVE-2020-21016CriOct 31, 2022
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

  • CVE-2021-46319CriFeb 17, 2022
    risk 0.64cvss 9.8epss 0.06

    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute…

  • CVE-2021-46315CriFeb 17, 2022
    risk 0.64cvss 9.8epss 0.06

    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the…

  • CVE-2019-17510CriOct 11, 2019
    risk 0.64cvss 9.8epss 0.04

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.

  • CVE-2019-17509CriOct 11, 2019
    risk 0.64cvss 9.8epss 0.03

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.

  • CVE-2022-46552HigFeb 2, 2023
    risk 0.61cvss 8.8epss 0.10

    D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

  • CVE-2024-44340HigAug 27, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.

  • CVE-2023-6580HigDec 7, 2023
    risk 0.57cvss 8.8epss 0.02

    A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to…

  • CVE-2023-43284HigOct 5, 2023
    risk 0.57cvss 8.8epss 0.02

    D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.

  • CVE-2018-16408HigSep 3, 2018
    risk 0.47cvss 7.2epss 0.05

    D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.

  • CVE-2024-0717MedJan 19, 2024
    risk 0.36cvss 5.3epss 0.18

    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…