Lucene search

[email protected]CVE-2022-46552

HistoryFeb 02, 2023 - 1:15 p.m.

CVE-2022-46552

2023-02-0213:15:09

CWE-78

[email protected]

web.nvd.nist.gov

d-link

dir-846

firmware

fw100a53dbr

remote command execution

rce

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.082 Low

EPSS

Percentile

94.4%

JSON

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

Affected configurations

NVD

Node

dlinkdir-846Match-

AND

dlinkdir-846_firmwareMatch100a53dbr

CPENameOperatorVersion
dlink:dir-846_firmwaredlink dir-846 firmwareeq100a53dbr

CPE	Name	Operator	Version
dlink:dir-846_firmware	dlink dir-846 firmware	eq	100a53dbr

References

packetstormsecurity.com/files/171710/D-Link-DIR-846-Remote-Command-Execution.html

cwe.mitre.org/data/definitions/78.html

francoataffarel.medium.com/cve-2022-46552-d-link-dir-846-wireless-router-in-firmware-fw100a53dbr-retail-has-a-vulnerability-5b4ca1864c6e

github.com/c2dc/cve-reported/blob/main/CVE-2022-46552/CVE-2022-46552.md

github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/SystemExecFunctionsSniff.php

www.dlink.com/en/security-bulletin/

www.php.net/manual/en/ref.exec.php

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.082 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2022-46552

prion1 cvelist1 nvd1 zdt1 cnvd1 packetstorm1 exploitdb1