PT-2018-3894 · D Link · D-Link Dir-846

Published: 2018-09-03 · Updated: 2023-04-26 · CVE-2018-16408

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version 100.26

Description: The issue exists due to the lack of measures to neutralize special elements used in an operating system command. A remote attacker can exploit this to execute arbitrary code. Exploitation occurs via a SetNetworkTomographySettings request and requires admin access.

Recommendations: For D-Link DIR-846 version 100.26, consider restricting access to the SetNetworkTomographySettings request to minimize the risk of exploitation until a patch is available. Additionally, limiting admin access can help reduce exposure to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-02948
CVE-2018-16408

Affected Products

D-Link Dir-846