CVE-2023-50217

Name of the Vulnerable Software and Affected Versions D-Link G416 (affected versions not specified)

Description The issue exists due to the lack of proper validation of a user-supplied string before using it to execute a system call in the HTTP service listening on TCP port 80. This allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers with root privileges by sending a specially crafted HTTP request. Authentication is not required to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.