3 matches found
Design/Logic Flaw
Remote Command Execution RCE vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...
CVE-2021-46315
Remote Command Execution RCE vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...
CVE-2019-17510
CVE-2019-17510 affects D-Link DIR-846 devices running firmware 100A35, allowing remote attackers with admin access to execute arbitrary OS commands as root via a /HNAP1/ SetWizardConfig.php request using shell metacharacters. The issue targets the SetWizardConfig path under /squashfs-root/www/HNA...