CVE-2022-46642
CRITICAL WAF: High
CVSS 9.9
Published: 2022-12-23
CWE-77 CWE-77
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dlink | dir-846_firmware | 100a43 |
References
- github.com (Exploit, Third Party Advisory)
- www.dlink.com (Vendor Advisory)