D-Link DIR-846 is a wireless router from D-Link, China. d-link DIR-846 A1_FW100A43 has a command injection vulnerability, which originates from the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function fails to properly filter the construct command special characters The vulnerability can be exploited to cause arbitrary command execution.