CVE-2018-17786

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G devices (affected versions not specified)

Description The issue is related to the lack of authentication in certain components of the D-Link DIR-823G device's firmware, specifically ExportSettings.sh, upload settings.cgi, GetDownLoadSyslog.sh, and upload firmware.cgi. This allows remote attackers to execute arbitrary code. The vulnerability is associated with the possibility of bypassing authentication, which can enable a remote attacker to perform unauthorized actions.

Recommendations For D-Link DIR-823G devices, consider disabling the ExportSettings.sh, upload settings.cgi, GetDownLoadSyslog.sh, and upload firmware.cgi components until a patch is available to prevent remote attackers from executing arbitrary code. Restrict access to these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.