CVE-2023-25826

Name of the Vulnerable Software and Affected Versions OpenTSDB (affected versions not specified) D-Link DIR-X4860 (affected versions not specified)

Description The issue arises from insufficient validation of parameters passed to the legacy HTTP query API, allowing for the injection of crafted OS commands and the execution of malicious code on the host system. This is due to an incomplete fix for a previously disclosed vulnerability. The regex validation implemented to restrict input does not work as intended, enabling crafted commands to bypass validation.

Recommendations For OpenTSDB, as a temporary workaround, consider disabling the legacy HTTP query API until a patch is available. For D-Link DIR-X4860, at the moment, there is no information about a newer version that contains a fix for this vulnerability.