D-Link · D-Link DCH-M225 · CVE-2020-6841
**Name of the Vulnerable Software and Affected Versions**
D-Link DCH-M225 versions 1.05b01 and earlier
**Description**
The spotifyConnect.php script on the D-Link DCH-M225 fails to neutralize shell metacharacters in the `userName` parameter before the value is used in an OS command. A remote attacker who can reach the device's web interface can therefore inject arbitrary OS commands by sending an HTTP request to spotifyConnect.php with a crafted `userName` value; the injected commands run on the device itself.
**Recommendations**
For D-Link DCH-M225 versions 1.05b01 and earlier, as a temporary workaround, restrict network access to the device's web interface (and therefore to spotifyConnect.php) to trusted hosts until a patch is available. Because the `userName` value is chosen by the attacker, filtering it on the device is not possible; where a reverse proxy or firewall sits in front of the device, block or alert on requests to spotifyConnect.php whose `userName` parameter contains shell metacharacters. At the moment, there is no information about a newer version that contains a fix for this vulnerability; check the vendor's support page for the DCH-M225 for firmware updates.
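The following is an added example, not code from D-Link or from the advisory: it shows the two checks a defender can apply for this issue, an allowlist validation of the kind spotifyConnect.php should have enforced on `userName`, and a scan of web-server access logs for requests to spotifyConnect.php whose `userName` carries shell metacharacters. The allowlist pattern, the log format, the client addresses and the log lines themselves are constructed for the example and are not from the device or from real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a value terminate, chain or substitute a shell command.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\'\"]")

# Allowlist a hardened script could enforce on userName before passing it to
# any OS command. The character set and length are assumptions for this example.
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def is_safe_username(value: str) -> bool:
    """Return True only if value contains nothing a shell could interpret."""
    return bool(SAFE_USERNAME.fullmatch(value)) and not SHELL_META.search(value)


# Constructed access-log lines in common log format (not real traffic).
# The second line carries "alice;id" URL-encoded in userName.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Feb/2020:12:00:01 +0000] "GET /spotifyConnect.php?userName=alice HTTP/1.1" 200 512
192.0.2.77 - - [10/Feb/2020:12:00:05 +0000] "GET /spotifyConnect.php?userName=alice%3Bid HTTP/1.1" 200 640
192.0.2.77 - - [10/Feb/2020:12:00:09 +0000] "POST /spotifyConnect.php HTTP/1.1" 200 640
192.0.2.20 - - [10/Feb/2020:12:00:12 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

# client, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_suspicious_requests(log_text: str):
    """Return (client, timestamp, userName) for requests that would carry shell
    metacharacters into spotifyConnect.php's userName parameter.

    Only query-string parameters are visible in an access log; a userName sent
    in a POST body is not logged here, so the third sample line is not flagged.
    Inspecting POST bodies requires a reverse proxy or WAF in front of the device.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/spotifyConnect.php"):
            continue
        # parse_qs URL-decodes the value, so %3B becomes ';' before the check.
        for value in parse_qs(parts.query).get("userName", []):
            if not is_safe_username(value):
                hits.append((client, ts, value))
    return hits


if __name__ == "__main__":
    for client, ts, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {client} spotifyConnect.php userName={value!r}")
```

Run against the constructed log, the scan reports only the request from 192.0.2.77 whose decoded `userName` is `alice;id`; the plain request from 192.0.2.10 and the unrelated index.php request pass. The same `is_safe_username` allowlist is what a patched script would apply before handing the value to the shell: rejecting anything outside a narrow character set is more robust than trying to enumerate every metacharacter.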