CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41622
https://notcve.org/view.php?id=CVE-2024-41622
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44340
https://notcve.org/view.php?id=CVE-2024-44340
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44342
https://notcve.org/view.php?id=CVE-2024-44342
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44341
https://notcve.org/view.php?id=CVE-2024-44341
27 Aug 2024 — D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •