Evan Qi

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-1260 and DIR-2150 routers (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the CLI service, which listens on TCP port 23, due to the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Authentication is required to exploit this issue. **Recommendations** For D-Link DIR-1260 and DIR-2150 routers, consider disabling the CLI service until a patch is available. Restrict access to TCP port 23 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.