CVE-2023-43129

Name of the Vulnerable Software and Affected Versions D-LINK DIR-806 versions DIR806A1 FW100CNb11

Description The issue is related to the lack of data cleaning measures at the management level, which can be exploited by a remote attacker to execute arbitrary commands using the REMOTE PORT parameter. This is a command injection vulnerability due to lax filtering of REMOTE PORT parameters.

Recommendations For version DIR806A1 FW100CNb11, consider disabling the use of the REMOTE PORT parameter until a patch is available to prevent command injection attacks. Restrict access to the management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.