PT-2021-6096 · D-Link · D-Link Dir-878, D-Link Dir-882
Published: 2021-12-13 · Updated: 2022-07-12
CVE-2021-44880
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-878 versions 1.30B08 Hotfix 02
D-Link DIR-882 versions 1.30B06 Hotfix 02
Description
The issue is a command injection vulnerability in the system function of D-Link devices, caused by a failure to neutralize special elements used in an operating system command. A remote attacker can execute arbitrary commands by sending a specially crafted HNAP1 POST request.
Recommendations
For D-Link DIR-878 version 1.30B08 Hotfix 02, consider disabling the system function until a patch is available.
For D-Link DIR-882 version 1.30B06 Hotfix 02, restrict access to the HNAP1 POST request endpoint to minimize the risk of exploitation.
As a temporary workaround, avoid using the HNAP1 protocol until the issue is resolved.
OS Command Injection
Command Injection
Affected Products
D-Link Dir-878
D-Link Dir-882