Arbitrary Command Execution in D-Link Router DIR-846 (CVE-2021-xxxx)
CVE-2020-27600 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.
Learn more about our Web Application Penetration Testing UK.