CVE-2022-46642 — Command Injection in Dlink Dir-846 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

9.9CRITICALNVD

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-846 Firmware

Timeline

PublishedDec 23

Description

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages1 packages

▶NVDdlink/dir-846_firmware100a43

🔴Vulnerability Details

GHSA

GHSA-62xc-g7hf-p457: D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo f↗2022-12-23

▶

CVEList

CVE-2022-46642: D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo f↗2022-12-23

▶