CVE-2022-46641

Опубликовано: 23 дек. 2022

Источник: nvd

CVSS3: 9.9

EPSS Низкий

Описание

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

Ссылки

https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetIpMacBindSettings%20Command%20Injection%20Vulnerability.md
Exploit
Third Party Advisory
https://www.dlink.com/en/security-bulletin/
Vendor Advisory
https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetIpMacBindSettings%20Command%20Injection%20Vulnerability.md
Exploit
Third Party Advisory
https://www.dlink.com/en/security-bulletin/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-846_firmware:100a43:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-846:a1:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02724

Низкий

9.9 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-23qm-j98q-xr7j