PT-2017-2898 · D-Link · D-Link Dir-850L
Pierre Kim · Published 2017-09-08 · Updated 2025-05-06
CVE-2017-14429
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-850L REV. A versions through FW114WWb07_h2ab_beta1
D-Link DIR-850L REV. B versions through FW208WWb02
Description
The DHCP service in the D-Link DIR-850L router's firmware mishandles input data in the /etc/services/INET/inet_ipv4.php file. A remote attacker can exploit this with shell metacharacters to execute arbitrary code with root privileges. The vulnerability affects the generation of files such as WAN-1-udhcpc.sh.
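The weakness class described above, as an added example that is not D-Link's firmware code: a script generator that pastes an untrusted value into shell source, next to one that quotes the value and an allowlist check that rejects it beforehand. The field name `hostname`, the helper names and the sample values are assumptions constructed for illustration; the page does not say which input field is affected.

```python
import re
import shlex
import subprocess

# Constructed sample values standing in for data received from the network.
SAMPLES = [
    "lan; echo INJECTED",
    "$(echo INJECTED)",
    "`echo INJECTED`",
    "it's | echo INJECTED",
]

# Hypothetical allowlist: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def is_valid_hostname(value: str) -> bool:
    """Allowlist check applied before the value reaches any generator."""
    return HOSTNAME_RE.fullmatch(value) is not None


def render_unsafe(value: str) -> str:
    """Weak pattern: the value is pasted into the script as shell source."""
    return f"#!/bin/sh\nprintf '%s\\n' hostname={value}\n"


def render_safe(value: str) -> str:
    """Hardened pattern: the value is emitted as one quoted shell word."""
    return f"#!/bin/sh\nprintf '%s\\n' hostname={shlex.quote(value)}\n"


def run_script(script: str) -> str:
    """Execute a generated script with /bin/sh and return its stdout."""
    proc = subprocess.run(["/bin/sh", "-c", script],
                          capture_output=True, text=True, timeout=5)
    return proc.stdout


if __name__ == "__main__":
    for sample in SAMPLES:
        inert = run_script(render_safe(sample)) == f"hostname={sample}\n"
        print(f"{sample!r}: valid={is_valid_hostname(sample)} inert={inert}")
    print("unquoted:", run_script(render_unsafe(SAMPLES[0])).splitlines())
```

In the quoted form every sample comes back byte for byte as data, while the unquoted form runs the text after the `;` as a second command.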
Recommendations
For D-Link DIR-850L REV. A versions through FW114WWb07_h2ab_beta1, update the firmware to a version later than FW114WWb07_h2ab_beta1 to resolve the issue.
For D-Link DIR-850L REV. B versions through FW208WWb02, update the firmware to a version later than FW208WWb02 to resolve the issue.
As a temporary workaround, consider restricting access to the /etc/services/INET/inet_ipv4.php file to minimize the risk of exploitation. Avoid using the WAN-1-udhcpc.sh file until the issue is resolved.
Exploit
Fix
RCE
Command Injection
OS Command Injection
Related Identifiers
Affected Products
D-Link Dir-850L