CVE-2023-43202

Name of the Vulnerable Software and Affected Versions D-LINK DWL-6610AP version FW v 4.3.0.8B003C

Description A command injection issue was found in the pcap download handler function, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. This could potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations For D-LINK DWL-6610AP version FW v 4.3.0.8B003C, as a temporary workaround, consider disabling the pcap download handler function until a patch is available. Restrict access to the update.device.packet-capture.tftp-file-name parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.