Cyber Resilience

CVE-2022-46552

Severity: High · Public PoC · RCE

Published: 02 February 2023

Modified: 27 March 2025
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1868 (95.4th percentile)
Risk Priority: 29 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-46552 is a high-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-846 firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-846 routers running firmware version FW100A53DBR contain an OS command injection vulnerability, tracked as CVE-2022-46552 and assigned CWE-78. The flaw resides in the lan(0)_dhcps_staticlist parameter and is reachable through an authenticated HTTP POST request, allowing arbitrary command execution on the device.

An attacker with valid administrative credentials on the web interface can submit a crafted POST request containing shell metacharacters in the affected parameter. Successful exploitation grants remote command execution with the privileges of the web server process, enabling full control over the router’s configuration, traffic inspection, or further lateral movement within the local network. The CVSS 3.1 score of 8.8 reflects network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

EPSS for this CVE rose from a low baseline to a peak of 0.4342 on 2025-01-22 before receding to the current value of 0.1868, indicating a period of increased exploitation interest well after the original disclosure. Public references include exploit code and technical write-ups but no vendor advisory or firmware patch details.

Vulnerability details

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink · Product: dir-846 firmware · Version: 100a53dbr

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
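The input-validation control above, shown as an added example rather than code from the page or from D-Link's firmware. It assumes a static-lease entry shaped like "<mac>,<ipv4>" (the real encoding of lan(0)_dhcps_staticlist is not documented here) and a hypothetical helper program path; both are labelled as assumptions in the code. The validator accepts only strings that match a strict allowlist grammar, and the accepted fields are passed to the helper as separate argv elements instead of being interpolated into a shell command line, which is the pattern CWE-78 describes.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed entry format for the static-lease list: "<mac>,<ipv4>".
 * The DIR-846's real encoding of lan(0)_dhcps_staticlist is not on the
 * page; this layout is a constructed assumption for illustration. */
typedef struct {
    char mac[18];   /* "aa:bb:cc:dd:ee:ff" + NUL */
    char ip[16];    /* "255.255.255.255" + NUL */
} static_lease;

/* Accept only a MAC written exactly as six colon-separated hex pairs. */
bool valid_mac(const char *s) {
    if (strlen(s) != 17) return false;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':') return false;
        } else if (!isxdigit((unsigned char)s[i])) {
            return false;
        }
    }
    return true;
}

/* Accept only a dotted quad: four decimal octets, each 0..255, nothing else. */
bool valid_ipv4(const char *s) {
    int octets = 0;
    const char *p = s;
    for (;;) {
        if (!isdigit((unsigned char)*p)) return false;
        int v = 0, digits = 0;
        while (isdigit((unsigned char)*p)) {
            v = v * 10 + (*p - '0');
            if (++digits > 3 || v > 255) return false;
            p++;
        }
        octets++;
        if (*p == '\0') break;
        if (*p != '.' || octets == 4) return false;
        p++;
    }
    return octets == 4;
}

/* Split "<mac>,<ipv4>" and validate both halves against their allowlist
 * grammars. Shell metacharacters (; | & ` $ newline) can never satisfy
 * either grammar, so a rejected entry never reaches any command. */
bool parse_static_entry(const char *entry, static_lease *out) {
    const char *comma = strchr(entry, ',');
    if (comma == NULL) return false;
    size_t mac_len = (size_t)(comma - entry);
    size_t ip_len = strlen(comma + 1);
    if (mac_len >= sizeof out->mac || ip_len >= sizeof out->ip) return false;
    memcpy(out->mac, entry, mac_len);
    out->mac[mac_len] = '\0';
    memcpy(out->ip, comma + 1, ip_len);
    out->ip[ip_len] = '\0';
    return valid_mac(out->mac) && valid_ipv4(out->ip);
}

/* The CWE-78 pattern is roughly
 *     snprintf(cmd, sizeof cmd, "helper %s", entry); system(cmd);
 * with the raw entry interpolated into a shell command line. The hardened
 * form hands the validated fields to a helper as separate argv elements
 * (fork() + execv(), no shell). HELPER_PATH is a hypothetical name. */
#define HELPER_PATH "/sbin/dhcp_static_add"

int build_helper_argv(const static_lease *l, const char *argv[4]) {
    argv[0] = HELPER_PATH;
    argv[1] = l->mac;
    argv[2] = l->ip;
    argv[3] = NULL;           /* execv() expects a NULL-terminated vector */
    return 3;                 /* number of real arguments */
}

/* Constructed sample input: one well-formed entry and four that must be rejected. */
static const char *const sample_entries[] = {
    "aa:bb:cc:dd:ee:ff,192.168.0.50",          /* well-formed */
    "aa:bb:cc:dd:ee:ff,192.168.0.50;reboot",   /* trailing shell command */
    "aa:bb:cc:dd:ee:ff,$(id)",                 /* command substitution */
    "aa:bb:cc:dd:ee:ff,192.168.0.300",         /* octet out of range */
    "AA-BB-CC-DD-EE-FF,10.0.0.2",              /* wrong MAC separator */
};
#define SAMPLE_COUNT (sizeof sample_entries / sizeof sample_entries[0])

/* Returns how many entries pass validation; the rest are logged and dropped. */
size_t count_accepted(const char *const *entries, size_t n) {
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++) {
        static_lease lease;
        if (parse_static_entry(entries[i], &lease)) {
            accepted++;
        } else {
            fprintf(stderr, "rejected static lease entry #%zu\n", i);
        }
    }
    return accepted;
}

int main(void) {
    const char *argv[4];
    static_lease lease;
    if (parse_static_entry(sample_entries[0], &lease)) {
        build_helper_argv(&lease, argv);
        printf("would exec: %s %s %s\n", argv[0], argv[1], argv[2]);
    }
    printf("%zu of %zu entries accepted\n",
           count_accepted(sample_entries, SAMPLE_COUNT), (size_t)SAMPLE_COUNT);
    return 0;
}
```

The point of the two-layer design is that neither layer alone is the whole control: the allowlist grammar means the strings that survive cannot carry shell syntax, and the argv-based execution means that even a future relaxation of the grammar would not re-expose a shell parser. On a device like this, the same check belongs in the web handler that receives the POST body, before the value is persisted to NVRAM or passed to any configuration script.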
