CVE-2023-24331

Name of the Vulnerable Software and Affected Versions D-Link Dir 816 version DIR-816 A2 v1.10CNB04

Description The issue is related to a Command Injection vulnerability that allows attackers to run arbitrary commands via the urlAdd parameter. This can potentially enable a remote attacker to elevate privileges and execute arbitrary commands. The vulnerability is associated with a buffer overflow in memory due to the lack of neutralization of special elements used in the operating system command when processing the urlAdd parameter.

Recommendations For version DIR-816 A2 v1.10CNB04, consider disabling access to the urlAdd parameter until a patch is available to prevent exploitation. Restricting access to this parameter can help minimize the risk of command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.