CVE-2020-21016
Severity
9.8CRITICAL
EPSS
10.4%
top 6.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 31
Description
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
2CVEList▶
CVE-2020-21016: D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings↗2022-10-31
GHSA▶
GHSA-6p9q-3fp4-ff53: D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings↗2022-10-31