Hsin

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 **Description** The issue is related to a command injection vulnerability in the `lxmldbc system()` function, specifically via the `ST` parameter. This vulnerability is due to insufficient argument checking, which could allow a remote attacker to execute arbitrary commands. **Recommendations** For D-Link DIR-600 Hardware Version B5, Firmware Version 2.18, as a temporary workaround, consider disabling the `lxmldbc system()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.