D-Link DIR-846W A1 FW100A43 Vulnerability Affects Remote Command Execution
CVE-2024-41622

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-846w Firmware
Vendor: CVE Published:; 27 August 2024

Summary

The D-Link DIR-846W A1 router was found to be vulnerable to a remote command execution (RCE) attack, which can be exploited through the 'tomography_ping_address' parameter in the /HNAP1/ interface. This vulnerability may allow unauthenticated attackers to execute arbitrary commands on the affected device, potentially compromising the integrity of the router and exposing sensitive network data. It is crucial for users to apply necessary security measures to protect their network devices from this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI...

https://github.com/yali-1002/some-poc/blob/main/CVE-2024-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Jul 18, 2024