CVE-2023-33735

Name of the Vulnerable Software and Affected Versions D-Link DIR-846 version 1.00A52

Description The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-846 router's firmware, specifically concerning the handling of the tomography ping address parameter. This can be exploited by sending specially crafted requests to the /HNAP1 interface, potentially allowing a remote attacker to execute arbitrary commands.

Recommendations For D-Link DIR-846 version 1.00A52, consider restricting access to the /HNAP1 interface until a patch is available. As a temporary workaround, avoid using the tomography ping address parameter in the affected interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.