CVE-2021-46319

{"id": "CVE-2021-46319", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-02-17T22:15:07.830", "references": [{"url": "https://github.com/doudoudedi/DIR-846_Command_Injection/blob/main/DIR-846_Command_Injection1.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use \"\\ \" or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en el router D-Link DIR-846 DIR846A1_FW100A43.bin y DIR846enFW100A53DLA-Retail.bin. Los usuarios maliciosos pueden usar esta vulnerabilidad para usar \"\\ ~\" o backticks para omitir los metacaracteres de shell en los par\u00e1metros ssid0 o ssid1 para ejecutar comandos arbitrarios.Esta vulnerabilidad es debido a que CVE-2019-17509 no est\u00e1 completamente parcheado y puede ser omitido mediante el uso de saltos de l\u00ednea o backticks en su base"}], "lastModified": "2022-02-25T18:50:15.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-846_firmware:100a43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3294C98A-8C06-4E84-BB77-5D539360FEFB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-846:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "463CF40F-BF42-4440-A62D-F32E162E8852"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-846_firmware:100a53dla:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DB2C54-7976-400B-A2C7-24F986E1303B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77723994-0E2A-4A90-B2C6-5B262CBBAFA1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}