CVE-2023-25280

Name of the Vulnerable Software and Affected Versions D-Link DIR820LA1 FW105B03

Description The issue is an OS Command injection vulnerability that allows attackers to escalate privileges to root via a crafted payload with the ping addr parameter to ping.ccp. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is being actively exploited in the wild.

Recommendations As a temporary workaround, consider disabling the ping.ccp component until a patch is available. Avoid using the ping addr parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.