PT-2022-27933 · D-Link · D-Link Dir-846

Published: 2022-12-23 · Updated: 2022-12-30 · CVE-2022-46642

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version A1 FW100A43

Description: A command injection issue was discovered in the SetAutoUpgradeInfo function; it is reachable via the auto upgrade hour parameter. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations: For D-Link DIR-846 version A1 FW100A43, consider restricting access to the SetAutoUpgradeInfo function until a patch is available. As a temporary workaround, avoid using the auto upgrade hour parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-46642

Affected Products

D-Link Dir-846