CVE-2022-44808

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G version 1.02B03

Description A command injection vulnerability has been found that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. This issue exists due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations For D-Link DIR-823G version 1.02B03, as a temporary workaround, consider restricting access to the /HNAP1 API endpoint until a patch is available. Avoid using the HNAP API function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.