First published: Thu Feb 17 2022(Updated: )
Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-846 Firmware | =100a43 | |
Dlink Dir-846 | =a1 | |
Dlink Dir-846 Firmware | =100a53dla | |
Dlink Dir-846 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-46319 is a Remote Code Execution (RCE) vulnerability in D-Link Router DIR-846.
The severity of CVE-2021-46319 is critical with a CVSS score of 9.8.
CVE-2021-46319 allows malicious users to bypass shell metacharacters in the ssid0 or ssid1 parameters and execute arbitrary commands.
D-Link Router DIR-846 with firmware versions 100a43 and 100a53dla are affected by CVE-2021-46319.
To fix CVE-2021-46319, it is recommended to update the firmware of D-Link Router DIR-846 to the latest version.