PT-2023-8706 · D Link · D-Link Dir-882 A1

Caoyebo · Published 2023-01-23 · Updated 2025-03-25 · CVE-2023-24330

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DIR-882 A1 version DIR882A1 FW130B06

Description

The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-882 A1 wireless router's firmware, which fails to neutralize special elements used in operating system commands. This can be exploited by a remote attacker to elevate privileges and execute arbitrary commands by sending a specially crafted POST request to the /HNAP1/ API endpoint.

Recommendations

For version DIR882A1 FW130B06, consider disabling the /HNAP1/ API endpoint until a patch is available to prevent exploitation. Restrict access to the HNAP1 protocol to minimize the risk of command injection attacks. Avoid using the HNAP1 protocol for remote administration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-01634
CVE-2023-24330

Affected Products

D-Link Dir-882 A1