CVE-2023-50201

Name of the Vulnerable Software and Affected Versions D-Link G416 (affected versions not specified)

Description The issue is related to the cfgsave upusb function in the D-Link G416 router's firmware, which does not properly neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary code by connecting to TCP port 80. The specific flaw exists within the HTTP service listening on TCP port 80 and results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.