Remote Command Execution Vulnerability in D-Link DIR-846 Router
CVE-2023-33735

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-846 Firmware
Vendor: CVE Published:; 31 May 2023

Summary

The D-Link DIR-846 router has a vulnerability that allows remote command execution through the 'tomography_ping_address' parameter in the /HNAP1 interface. This flaw can enable unauthorized users to execute arbitrary commands on the router, potentially compromising the device and the network it connects to. Users are advised to review the manufacturer's security bulletin and update their firmware to mitigate the risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/DIR-846...

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 31, 2023
Vulnerability Reserved
May 22, 2023