CVE-2018-17064

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 A2 version 1.10 B05

Description An issue exists due to the lack of neutralization of special elements used in the command string construction within the handler function of the "/goform/sylogapply" route. This could lead to command injection via the syslogIp parameter after "/goform/clearlog" is invoked, allowing a remote attacker to execute arbitrary commands.

Recommendations For D-Link DIR-816 A2 version 1.10 B05, as a temporary workaround, consider restricting access to the "/goform/sylogapply" route and avoid using the syslogIp parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.