Hac425

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823G version 2018-09-19 **Description** The issue allows unauthorized changes to the admin password through the GoAhead configuration, specifically by sending /HNAP1 SetPasswdSettings commands without proper authentication. **Recommendations** For D-Link DIR-823G version 2018-09-19, as a temporary workaround, consider restricting access to the GoAhead configuration to prevent unauthorized password changes until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-823G devices (affected versions not specified) **Description** The issue is related to the lack of authentication in certain components of the D-Link DIR-823G device's firmware, specifically `ExportSettings.sh`, `upload settings.cgi`, `GetDownLoadSyslog.sh`, and `upload firmware.cgi`. This allows remote attackers to execute arbitrary code. The vulnerability is associated with the possibility of bypassing authentication, which can enable a remote attacker to perform unauthorized actions. **Recommendations** For D-Link DIR-823G devices, consider disabling the `ExportSettings.sh`, `upload settings.cgi`, `GetDownLoadSyslog.sh`, and `upload firmware.cgi` components until a patch is available to prevent remote attackers from executing arbitrary code. Restrict access to these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.