CVE-2018-4861: An issue was discovered in D-Link DIR-846 devices with firmware versions before 1.02. There is a heap-based buffer overflow in the HNAP1/control/SetGuestWLanSettings.php script that can be exploited by a remote attacker. It is possible to execute arbitrary code in the context of the webserver by sending long strings to the HNAP1/control/SetGuestWLanSettings.php script. CVE-2018-4862: An issue was discovered in D-Link DIR-846 devices with firmware versions before 1.02. The HNAP1/control/SetGuestWLanSettings.php script does not properly sanitize user-supplied input before trying to pass it to the HNAP1/control/SetGuestWLanSettings.php script, which can be exploited by a remote attacker to create arbitrary files on the server via a maliciously-crafted request. CVE-2018-4863: An issue was discovered in D-Link DIR-846 devices with firmware versions before 1.02. There is a cross-site scripting (XSS) vulnerability in the HNAP1/control/SetGuestWLanSettings.php script that can be exploited by a remote attacker to inject arbitrary web script or HTML via a crafted request. CVE-2018-4864: An issue was discovered in D-Link D
Hardware Information
The DIR-846 is a wireless router. It can be used to set up Wi-Fi networks and access the internet by connecting to it via an Ethernet cable, but also has a built-in cellular data card slot that allows it to connect wirelessly.
D-Link DIR-869 and DIR-880 devices
D-Link DIR-869 and DIR-880 devices with firmware versions before 1.02 are vulnerable to an authentication bypass vulnerability that can be exploited by a remote attacker to access unauthorized resources.
Timeline
Published on: 10/31/2022 13:15:00 UTC
Last modified on: 11/01/2022 17:27:00 UTC