CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-6580 – D-Link DIR-846 QoS POST deserialization
https://notcve.org/view.php?id=CVE-2023-6580
07 Dec 2023 — A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-43284
https://notcve.org/view.php?id=CVE-2023-43284
05 Oct 2023 — D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. Un problema en la versión de firmware 100A53DBR-Retail del router D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 permite a un atacante remoto ejecutar código arbitrario. • https://github.com/MateusTesser/CVE-2023-43284 •
CVSS: 9.0EPSS: 47%CPEs: 2EXPL: 4CVE-2022-46552 – D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2022-46552
02 Feb 2023 — D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. D-Link DIR-846 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/171710 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •