PT-2024-1618 · D-Link · D-Link DAP-1650

Exodus Intelligence · Published 2024-01-25 · Updated 2024-01-31 · CVE-2024-23624

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1650 (affected versions not specified)

Description: A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. The vulnerability is related to incorrect input validation when processing UPnP SUBSCRIBE messages, allowing a remote attacker to execute arbitrary commands using specially crafted data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-01285
CVE-2024-23624

Affected Products

D-Link Dap-1650