CVE-2022-46641

CRITICAL

D-Link DIR-846 A1_FW100A43 - Command Injection

Title source: llm

Description

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/CyberUnicornIoT/IoTvuln/blob/main/d-link/dir-846/D-Link%20dir-846%20SetIpMacBindSettings%20Command%20Injection%20Vulnerability.md

Vendor Advisory

https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 9.9

EPSS 0.0693

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

dlink/dir-846_firmware 100a43

Published Dec 23, 2022

Tracked Since Feb 18, 2026