Lucene search

[email protected]CVE-2020-21016

HistoryOct 31, 2022 - 1:15 p.m.

CVE-2020-21016

2022-10-3113:15:10

[email protected]

web.nvd.nist.gov

cve-2020-21016

d-link dir-846

remote code execution

hnap1

setguestwlansettings.php

firmware vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

Affected configurations

NVD

Node

dlinkdir-846Match-

AND

dlinkdir-846_firmwareMatch100a35

CPENameOperatorVersion
dlink:dir-846_firmwaredlink dir-846 firmwareeq100a35

CPE	Name	Operator	Version
dlink:dir-846_firmware	dlink dir-846 firmware	eq	100a35

References

github.com/dahua966/Routers-vuls/blob/master/DIR-846/GuestWLanSetting_RCE.md

www.dlink.com/en/security-bulletin/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2020-21016

cnvd1 prion1 cvelist1 nvd1