PT-2020-6867 · D Link · Dch-M225

Jeremy Laidman · Published 2020-02-21 · Updated 2023-04-26 · CVE-2020-6842

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DCH-M225 versions 1.05b01 and earlier
Description: The device does not properly sanitize special elements used in an operating system command when it processes the media renderer name string. This allows remote authenticated administrators to execute arbitrary OS commands via shell metacharacters in the media renderer name.
Recommendations: For D-Link DCH-M225 versions 1.05b01 and earlier, as a temporary workaround, consider restricting access to the media renderer name parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
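
A defensive sketch of the input handling the description says is missing, as an added example (not from the advisory and not D-Link firmware code): the renderer name is checked against an allow-list and handed to a helper as a single argv element, so no shell interprets it. The 32-character limit, the permitted character set and the helper program are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define RENDERER_NAME_MAX 32 /* assumed limit, not from the advisory */

/* Allow-list check: 1 if the name is safe to store and pass on, else 0. */
int renderer_name_is_valid(const char *name)
{
    size_t len, i;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > RENDERER_NAME_MAX || name[0] == '-')
        return 0; /* empty, oversized, or could be parsed as an option */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == ' ' || c == '_' ||
                 c == '-' || c == '.';
        if (!ok)
            return 0; /* rejects ; | & $ ` quotes, newlines, etc. */
    }
    return 1;
}

/* Run a hypothetical helper with the name as one argv element.
 * execv() starts the program directly: no shell parses the string.
 * Returns the helper's exit status, or -1 on rejection or error. */
int apply_renderer_name(const char *helper_path, const char *name)
{
    pid_t pid;
    int status;
    if (helper_path == NULL || !renderer_name_is_valid(name))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, (char *)name, NULL };
        execv(helper_path, argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Validation belongs on the device side of the management interface, since the advisory's attacker is an authenticated administrator and client-side checks do not apply to them.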

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02613
CVE-2020-6842

Affected Products

Dch-M225