CVE-2018-16408

high

Description

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.

References

https://www.us-cert.gov/ncas/bulletins/SB18-253

https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link%20DIR-846%20RCE.md

Details

Source: Mitre, NVD

Published: 2018-09-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.04569