CVE-2020-21016

Name of the Vulnerable Software and Affected Versions D-Link DIR-846 version 100A35

Description The issue is related to insufficient argument validation in a command, allowing remote attackers to execute arbitrary code as root. This can be achieved via a specially crafted request to the "HNAP1/control/SetGuestWLanSettings.php" endpoint.

Recommendations For D-Link DIR-846 version 100A35, consider disabling access to the HNAP1/control/SetGuestWLanSettings.php endpoint until a patch is available. Restricting the use of the HNAP1 protocol may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.