Lyaobol

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8300 version 16.07.26A1 **Description** The issue is related to the `msp info htm` function in the D-Link DI-8300 router's firmware, which is vulnerable to command injection. This vulnerability can be exploited by a remote attacker to execute arbitrary commands using a GET request. **Recommendations** For D-Link DI-8300 version 16.07.26A1, consider disabling the `msp info htm` function until a patch is available to prevent command injection attacks. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `msp info htm` function in API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DI-8300 version 16.07.26A1 **Description** The issue is related to the `upgrade filter asp` function in the D-Link DI-8300 router's firmware, which does not properly sanitize input data. This can be exploited by a remote attacker to execute arbitrary commands using a GET request. The vulnerability allows for command injection, potentially leading to unauthorized access and control of the device. **Recommendations** For D-Link DI-8300 version 16.07.26A1, consider disabling the `upgrade filter asp` function until a patch is available to prevent command injection attacks. Restrict access to the device and its management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-300 REVA FIRMWARE version 1.06B05 WW **Description** The issue is related to the Telnet service in the firmware of D-Link DIR-300 routers, where hardcoded credentials are present. This could allow a remote attacker to exploit the vulnerability and gain full control over the device. **Recommendations** For D-Link DIR-300 REVA FIRMWARE version 1.06B05 WW, consider disabling the Telnet service until a patch is available to prevent potential exploitation. Restrict access to the device to minimize the risk of unauthorized control. At the moment, there is no information about a newer version that contains a fix for this vulnerability.