PT-2023-3552 · D Link · D-Link Di-7500G-Ci

Hashshfza · Published 2023-06-04 · Updated 2025-01-06 · CVE-2023-34856

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DI-7500G-CI version 19.05.29A

Description

A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth pic.cgi". The vulnerability is related to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For D-Link DI-7500G-CI version 19.05.29A, consider disabling access to the /auth pic.cgi interface until a patch is available to prevent exploitation. Avoid uploading HTML files to this interface until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2023-03769
CVE-2023-34856

Affected Products

D-Link Di-7500G-Ci