CVE-2022-46476

Name of the Vulnerable Software and Affected Versions D-Link DIR-859 A1 version 1.05

Description The issue is related to a command injection vulnerability in the soapcgi main() function of the D-Link DIR-859 A1 router's firmware. This vulnerability can be exploited by a remote attacker to execute arbitrary commands due to inadequate data cleaning at the management level. The vulnerability is specifically tied to the service= variable in the soapcgi main function.

Recommendations For D-Link DIR-859 A1 version 1.05, consider disabling the soapcgi main() function as a temporary workaround until a patch is available. Restrict access to the service= variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.