CVE-2023-45208

Name of the Vulnerable Software and Affected Versions D-Link DAP-X1860 versions 1.00 through 1.01b05-01

Description A command injection issue in the parsing xml stasurvey function allows attackers within range of the repeater to run shell commands as root during the setup process via a crafted SSID. Network names containing single quotes can result in a denial of service.

Recommendations For versions 1.00 through 1.01b05-01, update to the latest version that includes the fix provided by D-Link. As a temporary workaround, consider avoiding the use of single quotes in network names and restricting access to the setup process to minimize the risk of exploitation.