Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DIR-846 操作系统命令注入漏洞
Vulnerability Description
D-Link DIR-846是中国台湾友讯(D-Link)公司的一款无线路由器。 D-Link DIR-846 中存在操作系统命令注入漏洞,该漏洞源于产品HNAP1/control/SetNetworkTomographySettings.php文件在判断域名是否合理时未对反引号进行有效过滤。攻击者可通过该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A