Command Injection Vulnerability in D-Link Router Product
CVE-2022-46641

9.9CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-846 Firmware
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-46641?

The D-Link DIR-846 router has been found to possess a command injection vulnerability through the lan(0)_dhcps_staticlist parameter within its SetIpMacBindSettings function. This flaw allows attackers to execute arbitrary commands, potentially compromising the security and functionality of the device. Users are recommended to apply the latest firmware updates and follow security best practices to mitigate risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-li...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022