CVE-2022-26670

Name of the Vulnerable Software and Affected Versions D-Link DIR-878 version (affected versions not specified)

Description The issue exists due to inadequate filtering for special characters in the webpage input field, allowing an unauthenticated LAN attacker to perform a command injection attack. This can enable the execution of arbitrary system commands, potentially leading to control of the system or disruption of service.

Recommendations For D-Link DIR-878, consider restricting access to the webpage input field until a patch is available. As a temporary workaround, avoid using special characters in the input field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.