CVE-2023-31814

Name of the Vulnerable Software and Affected Versions D-Link DIR-300 firmware versions <=REVA1.06 and <=REVB2.06

Description The issue is related to incorrect external control of a file name or path in the /model/ lang msg.php script of the D-Link DIR-300 router's firmware. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For D-Link DIR-300 firmware versions <=REVA1.06, update to a version higher than REVA1.06. For D-Link DIR-300 firmware versions <=REVB2.06, update to a version higher than REVB2.06. As a temporary workaround, consider restricting access to the /model/ lang msg.php script until a patch is available.