PT-2021-6097 · D-Link · D-Link Dir-882

Published: 2021-12-13 · Updated: 2022-03-09 · CVE-2021-45998

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions prior to DIR 882 FW1.30B06 Hotfix 02

Description: The vulnerability is caused by incorrect handling of the LocalIPAddress parameter. Remote attackers can execute arbitrary commands on the device by sending specially crafted HNAP1 POST requests. This command injection lets attackers perform unauthorized actions on the affected router.

Recommendations: For D-Link DIR-882 versions prior to DIR 882 FW1.30B06 Hotfix 02, update to a version that includes the fix for this issue. As a temporary workaround, restrict access to the HNAP1 API endpoint to reduce the risk of exploitation, and avoid using the LocalIPAddress parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-00762
CVE-2021-45998

Affected Products

D-Link Dir-882