Arbitrary Command Execution in D-Link Router DIR-846 (CVE-2021-xxxx)

Arbitrary Command Execution in D-Link Router DIR-846 (CVE-2021-xxxx)

CVE-2020-27600 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.

Learn more about our Web Application Penetration Testing UK.