PT-2024-1619 · D Link · D-Link Dap-1650

Exodus Intelligence · Published 2024-01-25 · Updated 2024-01-31 · CVE-2024-23625

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1650 (affected versions not specified)

Description: A command injection issue exists when handling UPnP SUBSCRIBE messages, allowing an unauthenticated attacker to gain command execution on the device as root. The vulnerability is related to incorrect input validation in the UPnP SUBSCRIBE Message Handler component. An attacker can exploit this issue by sending specially crafted data to execute arbitrary commands.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-01286
CVE-2024-23625

Affected Products

D-Link Dap-1650