D Link · D-Link Dap-1360 · CVE-2020-26582
**Name of the Vulnerable Software and Affected Versions**
D-Link DAP-1360U versions prior to 3.0.1
**Description**
The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping, specifically through the `res config action=3&res config id=18` parameter.
**Recommendations**
For D-Link DAP-1360U versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping functionality with `res config action=3&res config id=18` until a patch is applied.