CVE-2023-43207

Name of the Vulnerable Software and Affected Versions D-LINK DWL-6610 version 4.3.0.8B003C

Description The issue is related to a command injection vulnerability in the config upload handler function. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. The vulnerability is associated with the failure to neutralize special elements used in the operating system command when processing the configRestore parameter. Exploitation of the vulnerability can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For version 4.3.0.8B003C, consider disabling the config upload handler function until a patch is available to prevent exploitation of the command injection vulnerability via the configRestore parameter. Restrict access to the configRestore parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.