CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-6580 – D-Link DIR-846 QoS POST deserialization
https://notcve.org/view.php?id=CVE-2023-6580
07 Dec 2023 — A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-43284
https://notcve.org/view.php?id=CVE-2023-43284
05 Oct 2023 — D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. Un problema en la versión de firmware 100A53DBR-Retail del router D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 permite a un atacante remoto ejecutar código arbitrario. • https://github.com/MateusTesser/CVE-2023-43284 •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-33735
https://notcve.org/view.php?id=CVE-2023-33735
31 May 2023 — D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. • https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/DIR-846/vul.md •
CVSS: 9.0EPSS: 47%CPEs: 2EXPL: 4CVE-2022-46552 – D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2022-46552
02 Feb 2023 — D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. D-Link DIR-846 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/171710 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-46642
https://notcve.org/view.php?id=CVE-2022-46642
23 Dec 2022 — D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetAutoUpgradeInfo%20command%20injection%20vulnerability.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-46641
https://notcve.org/view.php?id=CVE-2022-46641
23 Dec 2022 — D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetIpMacBindSettings%20Command%20Injection%20Vulnerability.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-21016
https://notcve.org/view.php?id=CVE-2020-21016
31 Oct 2022 — D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. Los dispositivos D-Link DIR-846 con firmware 100A35 permiten a atacantes remotos ejecutar código arbitrario como root a través de HNAP1/control/SetGuestWLanSettings.php. • https://github.com/dahua966/Routers-vuls/blob/master/DIR-846/GuestWLanSetting_RCE.md •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 1CVE-2021-46319
https://notcve.org/view.php?id=CVE-2021-46319
17 Feb 2022 — Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) ... • https://github.com/doudoudedi/DIR-846_Command_Injection/blob/main/DIR-846_Command_Injection1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 1CVE-2021-46315
https://notcve.org/view.php?id=CVE-2021-46315
17 Feb 2022 — Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. Se presenta un... • https://github.com/doudoudedi/DIR-846_Command_Injection/blob/main/DIR-846_Command_Injection1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-46314
https://notcve.org/view.php?id=CVE-2021-46314
17 Feb 2022 — A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. Se presenta una vulnerabilidad de Ejecución de Comandos Remota (RCE) en el archivo HNAP1/control/SetNetworkTomographySettings.php del router D-Link DIR-846 DIR846A1_FW100A43.bin y DIR846enFW100A53DLA-Retail.bin porque pue... • https://github.com/doudoudedi/DIR-846_Command_Injection/blob/main/DIR-846_Command_Injection1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •