Lucene search
China National Vulnerability DatabaseCNVD-2023-21666HistoryDec 27, 2022 - 12:00 a.m.
D-Link DIR-846 Command Injection Vulnerability (CNVD-2023-21666)
2022-12-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
d-link
wireless router
china
command injection
vulnerability
auto_upgrade_hour parameter
setautoupgradeinfo function
arbitrary command execution
0.001 Low
EPSS
Percentile
30.8%
D-Link DIR-846 is a wireless router from D-Link, China. d-link DIR-846 A1_FW100A43 has a command injection vulnerability, which originates from the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function fails to properly filter the construct command special characters The vulnerability can be exploited to cause arbitrary command execution.
Related
cve
cve
CVE-2022-46642
2022-12-23 15:15:16
prion
prion
Command injection
2022-12-23 15:15:00
nvd
nvd
CVE-2022-46642
2022-12-23 15:15:16
cvelist
cvelist
CVE-2022-46642
2022-12-23 00:00:00