PT-2021-6099 · D Link · D-Link Dir-878

Published 2021-12-13 · Updated 2022-07-12 · CVE-2021-44882

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-878 versions prior to the fixed version

Description

The issue is in the implementation of the twsystem() function in the firmware of the D-Link DIR-878 wireless router, which fails to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands by sending specially crafted HNAP1 POST requests to the / API endpoint.

Recommendations

For D-Link DIR-878 versions prior to the fixed version: update to the latest firmware version to resolve the issue. As a temporary workaround, consider restricting access to the twsystem() function until a patch is available. Avoid using the HNAP1 protocol in the affected API endpoint until the issue is resolved.

Exploit

Fix

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2022-00770
CVE-2021-44882

Affected Products

D-Link Dir-878