CVE-2018-17787

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G devices

Description The issue concerns the GoAhead configuration on D-Link DIR-823G devices, which allows command injection via shell metacharacters in the POST data sent to the system library function. This is due to the lack of measures to neutralize special elements used in the operating system command. An attacker can exploit this issue by sending specially crafted /HNAP1 requests, allowing them to execute arbitrary commands remotely through shell metacharacters.

Recommendations For D-Link DIR-823G devices, consider disabling the GoAhead configuration or restricting access to the /HNAP1 endpoint until a patch is available. Avoid using shell metacharacters in the POST data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.