PT-2020-5617 · D Link · D-Link Dsl-2888A

Harold Zang · Published 2020-05-26 · Updated 2025-06-19

CVE-2020-24581 · CVSS v3.1 8.0 (High) · Vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55

Description: The issue is in the execute cmd.cgi feature, which allows an authenticated user to execute operating system commands. This feature is not exposed in the web user interface. The vulnerability is caused by the absence of measures to neutralize special elements in the operating system command, which a remote attacker can exploit to execute arbitrary commands.

Recommendations: For D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to the execute cmd.cgi feature until the patch can be applied.
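The weakness described above is the classic CWE-78 pattern: a parameter reaches an operating system command without special elements being neutralized. The following is an added illustration of the mitigation the description calls for, written for this page and not code from Positive Technologies or from the D-Link firmware. It assumes a hypothetical diagnostic CGI that lets a logged-in user run an allowlisted command against a host; the command table, the hostname pattern and the sample inputs are constructed for the example.

```python
import re
import subprocess
from typing import Dict, List

# Constructed allowlist: each entry is a fixed argv prefix, so the caller can
# choose a command by name but can never supply the binary or its options.
# Hypothetical; this is not the DSL-2888A's actual command set.
ALLOWED_COMMANDS: Dict[str, List[str]] = {
    "ping": ["/bin/ping", "-c", "3"],
    "traceroute": ["/usr/bin/traceroute", "-m", "10"],
}

# Only hostname characters are accepted for the target parameter. Anything a
# shell could interpret (separators, quotes, substitution) fails this pattern.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Explicit list of shell special elements, kept separate from the regex so a
# reviewer can see exactly what the "neutralize special elements" step rejects.
SHELL_META = set(";|&`$(){}<>\n\r\"'\\ \t")


def has_shell_metacharacters(value: str) -> bool:
    """Return True if value contains any character a shell would treat specially."""
    return any(ch in SHELL_META for ch in value)


def build_command(cmd_name: str, target: str) -> List[str]:
    """Validate the request and return an argv list for an allowlisted command.

    Raises ValueError when the command is not allowlisted or the target is not
    a plain hostname. The result is an argv list, never a shell string, so the
    target can only ever be one argument of the chosen command.
    """
    if cmd_name not in ALLOWED_COMMANDS:
        raise ValueError(f"command not permitted: {cmd_name!r}")
    if has_shell_metacharacters(target) or not HOST_RE.match(target):
        raise ValueError(f"rejected target: {target!r}")
    return ALLOWED_COMMANDS[cmd_name] + [target]


def run_diagnostic(cmd_name: str, target: str, timeout: float = 15.0) -> subprocess.CompletedProcess:
    """Execute the validated command without a shell.

    shell=False hands argv straight to the OS, so no word splitting, globbing
    or command substitution happens even if a future validation bug let a
    special character through.
    """
    argv = build_command(cmd_name, target)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample requests: the first is accepted, the rest are refused.
    for name, host in [("ping", "192.0.2.10"), ("ping", "192.0.2.10; id"), ("reboot", "192.0.2.10")]:
        try:
            print("accepted:", build_command(name, host))
        except ValueError as err:
            print("refused:", err)
```

Two layers do the work: the allowlist plus hostname pattern enforces what the advisory calls neutralizing special elements, and executing an argv list without a shell means that even an input that slipped past validation could not be joined to a second command. A handler that instead concatenates the parameter into a string and runs it through a shell is the pattern the advisory's description warns about.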

Exploit · Fix

Weakness Enumeration: Hidden Functionality, OS Command Injection

Related Identifiers: BDU:2021-01272, CVE-2020-24581

Affected Products: D-Link Dsl-2888A