CVE-2021-46230

Name of the Vulnerable Software and Affected Versions D-Link DI-7200G versions V2.E1

Description The issue is related to insufficient input data cleaning in the upgrade filter function of the D-Link DI-7200G router's firmware, specifically affecting the path and time parameters. This allows a remote attacker to execute arbitrary commands.

Recommendations For D-Link DI-7200G version V2.E1, as a temporary workaround, consider disabling the upgrade filter function until a patch is available. Restrict access to the path and time parameters in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.