PT-2022-1549 · D Link · D-Link Dir-823-Pro
Published 2022-01-24 · Updated 2022-03-09 · CVE-2021-46455
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823-Pro version 1.0.2
Description
The SetStationSettings() function in the D-Link DIR-823-Pro wireless router's firmware does not sufficiently sanitize input data when processing the station access enable parameter. This can allow a remote attacker to execute arbitrary commands.
Recommendations
For D-Link DIR-823-Pro version 1.0.2, consider disabling the SetStationSettings() function until a patch is available to prevent exploitation via the station access enable parameter. Restrict access to the vulnerable function to minimize the risk of arbitrary command execution. Avoid using the station access enable parameter in the affected function until the issue is resolved.
Exploit
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-823-Pro