CVE-2023-6580

🗓️ 07 Dec 2023 21:31:05Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

Vulnerability in D-Link DIR-846 FW100A53DBR allows remote deserialization via /HNAP1/QoS POST Handle

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the SetSmartQoSSettings.php script in D-Link DIR-846 router software allows a hacker to execute arbitrary commands.	11 Dec 202300:00	–	bdu_fstec
CNNVD	D-Link DIR-846 代码问题漏洞	7 Dec 202300:00	–	cnnvd
CNVD	D-Link DIR-846 Deserialization Vulnerability	11 Dec 202300:00	–	cnvd
Cvelist	CVE-2023-6580 D-Link DIR-846 QoS POST deserialization	7 Dec 202321:31	–	cvelist
EUVD	EUVD-2023-58804	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6580	7 Dec 202322:15	–	nvd
OSV	CVE-2023-6580	7 Dec 202322:15	–	osv
Prion	Deserialization of untrusted data	7 Dec 202322:15	–	prion
Positive Technologies	PT-2023-7503 · D Link · D-Link Dir-846	22 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-6580	23 May 202502:05	–	redhatcve

NVD

Node

dlink dir-846_firmwareMatch100a53dbr

AND

dlink dir-846Match-

[
  {
    "vendor": "D-Link",
    "product": "DIR-846",
    "versions": [
      {
        "version": "FW100A53DBR",
        "status": "affected"
      }
    ],
    "modules": [
      "QoS POST Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
smartqos_express_devices	request body	/HNAP1/	Deserialization of crafted input via QoS POST Handler leading to remote code execution.	CWE-502
smartqos_normal_devices	request body	/HNAP1/	Deserialization of crafted input via QoS POST Handler leading to remote code execution.	CWE-502

17 Jun 2026 06:51Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.02347

CWE-502