CVE-2023-43128

Name of the Vulnerable Software and Affected Versions D-LINK DIR-806 versions DIR806A1 FW100CNb11

Description The issue is related to a lack of proper data cleaning at the management level, which can be exploited by a remote attacker to execute arbitrary commands using the HTTP ST parameter. This is a command injection vulnerability due to lax filtering of HTTP ST parameters.

Recommendations For D-LINK DIR-806 version DIR806A1 FW100CNb11, as a temporary workaround, consider restricting access to the vulnerable parameter HTTP ST to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.