CVE-2021-46319

Name of the Vulnerable Software and Affected Versions D-Link DIR-846 versions DIR846A1 FW100A43.bin through DIR846enFW100A53DLA-Retail.bin

Description The issue is related to insufficient argument checking in the firmware of D-Link DIR-846 routers, allowing remote attackers to execute arbitrary commands. This can be achieved by bypassing shell metacharacters in the ssid0 or ssid1 parameters using line breaks or backticks. The vulnerability exists due to an incomplete patch for a previous issue.

Recommendations For versions DIR846A1 FW100A43.bin through DIR846enFW100A53DLA-Retail.bin, consider restricting access to the vulnerable parameters ssid0 and ssid1 to minimize the risk of exploitation. As a temporary workaround, avoid using backticks or line breaks in these parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.