Remote Code Execution Vulnerability in D-Link DIR-846 Router
CVE-2021-46319

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Dir-846 Firmware
Vendor
CVE Published:
17 February 2022

Summary

A remote code execution vulnerability exists in D-Link DIR-846 routers, enabling attackers to execute arbitrary commands via crafted SSID parameters. This flaw occurs due to insufficient patching of an earlier vulnerability (CVE-2019-17509), allowing malicious users to utilize specific characters, such as backticks or line breaks, to bypass security measures and gain control over the device.

References

https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
https://github.com/doudoudedi/DIR-846_Command_Injection/b...
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.