Vulnerability Details CVE-2021-46314
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.235
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-46314
-
cpe:2.3:h:dlink:dir-846:-
-
cpe:2.3:h:dlink:dir-846:a1
-
cpe:2.3:o:dlink:dir-846_firmware:100a43
-
cpe:2.3:o:dlink:dir-846_firmware:100a53dla