PT-2023-5237 · D-Link · D-Link DIR-859

Published 2023-08-07 · Updated 2023-09-20 · CVE-2023-39638

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-LINK DIR-859 versions A1 1.05 through A1 1.06B01 Beta01

Description
D-LINK DIR-859 contains an OS command injection vulnerability in the lxmldbc system function, reachable through the "/htdocs/cgibin" endpoint. Special elements in request input are not neutralized before the command is executed, which allows a remote attacker to execute arbitrary commands on the device.

Recommendations
For D-LINK DIR-859 versions A1 1.05 through A1 1.06B01 Beta01, consider disabling the lxmldbc system function as a temporary workaround until a patch is available. Restrict access to the "/htdocs/cgibin" endpoint to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
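The weakness class named in this advisory (CWE-78, a request value spliced into a string handed to a system-style function) and its standard mitigation, as an added example that is not code from the DIR-859 firmware or from D-Link. The handler shape, the "ping" action and the host parameter are assumptions chosen for illustration; the constructed inputs in main() are test vectors for the checks, not captured traffic.

```c
/*
 * Added example (not D-Link's or the DIR-859 firmware's code).
 * Shows the CWE-78 pattern behind "failure to neutralize special elements"
 * and the two defensive controls that close it: allowlist validation and
 * execution without a shell. The ping action and host parameter are assumed.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern: the request value is pasted verbatim into a shell command
 * string. Any shell metacharacter in <host> changes the meaning of the line.
 * Returns the number of characters snprintf would write. */
int build_unsafe_command(char *out, size_t outlen, const char *host)
{
    return snprintf(out, outlen, "ping -c 1 %s", host);
}

/* Detection helper for logging/alerting on a device that cannot be patched
 * yet: does the value contain a character a POSIX shell treats specially?
 * Returns 1 if one is found, else 0. */
int contains_shell_metachar(const char *s)
{
    const char *meta = ";|&$`<>(){}[]*?!~'\"\\ \t\n\r";
    for (; *s; s++)
        if (strchr(meta, *s))   /* *s is never '\0' inside the loop */
            return 1;
    return 0;
}

/* Mitigation 1, allowlist: only characters a host name or IPv4 address may
 * contain; reject everything else rather than trying to escape it.
 * A leading '-' is rejected so the value cannot be parsed as an option. */
int is_safe_host(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Mitigation 2, no shell: the validated value travels as its own argv element
 * to execvp(), so metacharacters are never interpreted. Returns the child's
 * exit status, or -1 if the input was rejected or the process could not run. */
int ping_host(const char *host)
{
    if (!is_safe_host(host))
        return -1;                      /* rejected before any process is started */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);                     /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed test vectors: two benign values, one carrying a shell
     * separator, one that looks like a command-line option. */
    const char *inputs[] = { "192.0.2.10", "example.com",
                             "192.0.2.10;echo injected", "-f" };
    char buf[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        build_unsafe_command(buf, sizeof buf, inputs[i]);
        printf("%-26s metachar=%d allowlisted=%d unsafe_cmd=\"%s\"\n",
               inputs[i], contains_shell_metachar(inputs[i]),
               is_safe_host(inputs[i]), buf);
    }
    return 0;
}
```

The point of the two controls together: the allowlist is the neutralization step the advisory says is missing, and execvp() with a separate argv removes the shell from the path entirely, so even a value that slips past validation is passed to ping as a single argument rather than interpreted as a command line. On a device where neither change can be made, contains_shell_metachar() is the kind of check a front-end filter or request log can apply to traffic toward the affected endpoint.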

Exploit

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-05849
CVE-2023-39638

Affected Products

D-Link DIR-859