Dlink

Dir-846 Firmware

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-6580

Exploit
  • EPSS 0.25%
  • Published 07.12.2023 22:15:08
  • Last modified 21.11.2024 08:44:08

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_...

8.8

CVE-2023-43284

Exploit
  • EPSS 30.33%
  • Published 05.10.2023 20:15:13
  • Last modified 21.11.2024 08:23:56

D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.

9.8

CVE-2023-33735

Exploit
  • EPSS 74.49%
  • Published 31.05.2023 20:15:10
  • Last modified 10.01.2025 15:15:13

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.

8.8

CVE-2022-46552

Exploit
  • EPSS 21.61%
  • Published 02.02.2023 13:15:09
  • Last modified 27.03.2025 14:15:19

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

9.9

CVE-2022-46642

Exploit
  • EPSS 1.77%
  • Published 23.12.2022 15:15:16
  • Last modified 15.04.2025 04:15:33

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

9.9

CVE-2022-46641

Exploit
  • EPSS 1.77%
  • Published 23.12.2022 15:15:15
  • Last modified 15.04.2025 04:15:32

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

9.8

CVE-2020-21016

Exploit
  • EPSS 3.98%
  • Published 31.10.2022 13:15:10
  • Last modified 07.05.2025 14:15:26

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

10

CVE-2021-46315

Exploit
  • EPSS 26.25%
  • Published 17.02.2022 22:15:07
  • Last modified 21.11.2024 06:33:52

Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the she...

10

CVE-2021-46319

Exploit
  • EPSS 16.56%
  • Published 17.02.2022 22:15:07
  • Last modified 21.11.2024 06:33:52

Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or...

9.8

CVE-2021-46314

Exploit
  • EPSS 23.47%
  • Published 17.02.2022 21:15:07
  • Last modified 21.11.2024 06:33:52

A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging...