Vulnerability Details CVE-2022-46642
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 9.9
References
- https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetAutoUpgradeInfo%20command%20injection%20vulnerability.md
- https://www.dlink.com/en/security-bulletin/
- https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetAutoUpgradeInfo%20command%20injection%20vulnerability.md
- https://www.dlink.com/en/security-bulletin/
Products affected by CVE-2022-46642
-
cpe:2.3:h:dlink:dir-846:a1
-
cpe:2.3:o:dlink:dir-846_firmware:100a43