D-Link · D-Link DIR-846 · CVE-2023-33735
**Name of the Vulnerable Software and Affected Versions**
D-Link DIR-846 version 1.00A52
**Description**
The vulnerability is in the HNAP1 protocol implementation in the D-Link DIR-846 router's firmware, specifically in how it handles the `tomography_ping_address` parameter. A remote attacker can exploit it by sending specially crafted requests to the `/HNAP1` interface, potentially allowing the execution of arbitrary commands.
**Recommendations**
For D-Link DIR-846 version 1.00A52, consider restricting access to the `/HNAP1` interface until a patch is available. As a temporary workaround, avoid using the `tomography_ping_address` parameter in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
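One way to check that the access restriction recommended above is holding, as an added example that is not part of the original advisory: a triage pass over HTTP request records captured in front of the router. The tab-separated record format, the management subnet, the sample records, and the spelling `tomography_ping_address` for the parameter in the request body are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only hosts allowed to reach the router's management interface.
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/28")]
HNAP_PATH = "/hnap1"                # interface named in the advisory (lowercased)
PARAM = "tomography_ping_address"   # parameter named in the advisory

# Constructed sample records, not real traffic. Assumed export format:
# source IP <TAB> method <TAB> request target <TAB> body (body layout is made up).
SAMPLE_LOG = "\n".join([
    "192.168.0.5\tPOST\t/HNAP1/\tAction=GetDeviceSettings",
    "192.168.0.5\tPOST\t/HNAP1/\ttomography_ping_address=192.0.2.10",
    "203.0.113.7\tPOST\t/hnap1?x=1\tTomography_Ping_Address=192.0.2.10",
    "203.0.113.7\tGET\t/index.html\t",
    "truncated line without fields",
])

def is_hnap(target):
    """True if the target addresses /HNAP1, ignoring case, query and trailing slash."""
    return urlsplit(target).path.rstrip("/").lower() == HNAP_PATH

def trusted(src):
    """True only for a parseable address inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)

def triage(log_text):
    """Return (line_no, source, findings) for each /HNAP1 request worth review."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 4 or not is_hnap(fields[2]):
            continue  # malformed record or unrelated path
        src, _method, _target, body = fields
        findings = []
        if not trusted(src):
            findings.append("untrusted-source")    # access restriction is not effective
        if PARAM in body.lower():
            findings.append("affected-parameter")  # workaround says this should not be used
        if findings:
            alerts.append((n, src, findings))
    return alerts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Any `untrusted-source` finding means the `/HNAP1` interface is still reachable from outside the management network and the restriction needs to be tightened.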