PT-2023-2256 · D Link · D-Link Go-Rt-Ac750

Published: 2023-04-01 · Updated: 2025-02-11 · CVE-2023-26822

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link GO-RT-AC750 version revA v101b03

Description

The issue is a command injection vulnerability via the service parameter at soapcgi.main(). A remote attacker can exploit this vulnerability to execute arbitrary commands.

Recommendations

For D-Link GO-RT-AC750 version revA v101b03, as a temporary workaround, consider disabling the soapcgi.main() function until a patch is available. Restrict access to the soapcgi.main module to minimize the risk of exploitation. Avoid using the service parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02014
CVE-2023-26822

Affected Products

D-Link Go-Rt-Ac750