PT-2022-6264 · D-Link · D-Link Dir-846

Author: Françoa Taffarel Rosário Corrêa

Published: 2022-11-30 · Updated: 2023-04-06 · CVE-2022-46552

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 Firmware FW100A53DBR

Description: D-Link DIR-846 firmware FW100A53DBR contains a remote command execution vulnerability in the handling of the lan(0) dhcps staticlist parameter. Special elements in this parameter are not properly sanitized before the value is used in an operating system command, so a remote attacker who sends a crafted POST request can execute arbitrary commands on the device.

Recommendations: For D-Link DIR-846 Firmware FW100A53DBR, as a temporary workaround, consider disabling the lan(0) dhcps staticlist parameter until a patch is available. Restrict access to the vulnerable parameter to minimize the risk of exploitation, and avoid using the lan(0) dhcps staticlist parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2023-00679
CVE-2022-46552

Affected Products

D-Link Dir-846