PT-2018-3917 · D Link · D-Link Dir-615

Sebao · Published 2018-04-26 · Updated 2023-04-26 · CVE-2018-10431

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-615 version 2.5.17

Description

The issue is caused by a lack of proper sanitization of special elements used in an operating system command, which allows an attacker to execute arbitrary code remotely. The vulnerability is triggered through shell metacharacters in the Host field of the System / Traceroute screen.

Recommendations

For D-Link DIR-615 version 2.5.17, consider restricting access to the System / Traceroute screen to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using shell metacharacters in the Host field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
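
The class of fix that the description implies, shown as an added example that is not D-Link firmware code: the Host value is checked against an allowlist of hostname characters and then passed to traceroute as a single argument with no shell involved. The names `host_is_valid` and `run_traceroute` are hypothetical, and the `--` separator assumes a traceroute that parses options with getopt.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical validator: accept only hostnames or dotted IPv4 literals
 * (ASCII letters, digits, '-' and '.'), at most 253 chars, labels of 1..63
 * chars that neither start nor end with '-'. Shell metacharacters,
 * whitespace and option-like values such as "-f" are all rejected. */
int host_is_valid(const char *host)
{
    size_t len, label = 0;
    if (host == NULL) return 0;
    len = strlen(host);
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = host[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || host[i - 1] == '-') return 0; /* empty label or trailing '-' */
            label = 0;
        } else if (alnum || c == '-') {
            if (c == '-' && label == 0) return 0;           /* label starts with '-' */
            if (++label > 63) return 0;
        } else {
            return 0;                                       /* any other byte */
        }
    }
    return label > 0 && host[len - 1] != '-';
}

/* Run traceroute without a shell: the host is one argv element, so it is
 * never parsed as command text. Returns the exit status, or -1 on error. */
int run_traceroute(const char *host)
{
    if (!host_is_valid(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "traceroute", "--", (char *)host, NULL };
        execvp(argv[0], argv);
        _exit(127);                                         /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Either measure alone narrows the problem; together, the allowlist also blocks option injection through values beginning with `-`, which avoiding the shell does not address.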

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-03073
CVE-2018-10431

Affected Products

D-Link Dir-615