CVE-2019-15528

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G versions V1.0.2B05

Description The issue is related to the lack of input validation in the SetStaticRouteSettings field, allowing for command injection via shell metacharacters in the Interface field. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information by sending a request to the "HNAP1" endpoint.

Recommendations For version V1.0.2B05, consider restricting access to the "HNAP1" endpoint and the SetStaticRouteSettings field to minimize the risk of exploitation. As a temporary workaround, avoid using shell metacharacters in the Interface field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.