CVE-2018-16408

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:d-link:dir-846_firmware:100.26:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*

History

26 Apr 2023, 18:55

Type Values Removed Values Added
CPE cpe:2.3:h:d-link:dir-846:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*

Information

Published : 2018-09-03 19:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-16408

Mitre link : CVE-2018-16408

CVE.ORG link : CVE-2018-16408


JSON object : View

Products Affected

d-link

  • dir-846_firmware

dlink

  • dir-846
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')