PT-2024-3193 · D-Link · D-Link Dir-822
Published 2024-04-22 · Updated 2024-07-03 · CVE-2024-33343
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-822+ version 1.0.5
Description
The issue is related to the ChgSambaUserSettings() function in the prog.cgi script of the D-Link DIR-822+ wireless router's firmware. It is caused by the lack of proper sanitization of special elements used in an operating system command when processing the samba name parameter. This allows a remote attacker to execute arbitrary commands via the shell. Exploitation of this issue can enable remote attackers to perform unauthorized actions.
Recommendations
For D-Link DIR-822+ version 1.0.5, as a temporary workaround, consider disabling the ChgSambaUserSettings() function until a patch is available. Restrict access to the prog.cgi script to minimize the risk of exploitation. Avoid using the samba name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Command Injection
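The root cause described above is a user-controlled name reaching an OS command without sanitization. The following is an added illustration, not D-Link's firmware code and not the prog.cgi implementation: it shows the two controls a CGI handler written in C would apply to such a parameter, an allow-list check on the Samba name and an argv-based exec with no shell in between. The helper name smb_user_tool, its set-user sub-command, the SAMBA_NAME_MAX limit and all sample inputs are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Maximum accepted length for a Samba user name (assumed policy, not a D-Link value). */
#define SAMBA_NAME_MAX 32

/*
 * Allow-list check for a user-supplied Samba name: only ASCII letters, digits,
 * '_', '-' and '.', first character a letter or digit, length 1..SAMBA_NAME_MAX.
 * Shell-significant characters (';', '|', '&', '`', '$', quotes, spaces,
 * newlines) are rejected because they are absent from the allow-list, so no
 * deny-list has to keep up with every shell construct.
 */
bool samba_name_is_safe(const char *name)
{
    if (name == NULL)
        return false;
    size_t len = 0;
    while (name[len] != '\0') {
        if (++len > SAMBA_NAME_MAX)
            return false;            /* too long: stop scanning early */
    }
    if (len == 0)
        return false;
    if (!isalnum((unsigned char)name[0]))
        return false;                /* forbid a leading '-' or '.' */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return false;
    }
    return true;
}

/*
 * Build the argument vector for the helper that changes the Samba user.
 * smb_user_tool / set-user are hypothetical names. The name is stored as its
 * own argv entry and is never concatenated into a command-line string.
 * Returns the number of entries written (excluding the NULL terminator),
 * or -1 if the name fails validation or the buffer is too small.
 */
int build_smb_user_argv(const char *name, const char *argv[], size_t argv_cap)
{
    if (argv_cap < 4 || !samba_name_is_safe(name))
        return -1;
    argv[0] = "smb_user_tool";   /* hypothetical helper binary */
    argv[1] = "set-user";        /* hypothetical sub-command */
    argv[2] = name;              /* one argument, passed through unchanged */
    argv[3] = NULL;
    return 3;
}

/*
 * Run the helper without a shell: fork + execvp, then wait for the child.
 * Returns the child's exit status, or -1 if validation or spawning fails.
 * Because execvp receives a vector, nothing inside argv[2] can split or
 * extend the command the way it could inside a system() string.
 */
int run_smb_user_change(const char *name)
{
    const char *argv[4];
    if (build_smb_user_argv(name, argv, 4) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);              /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs; none of them comes from the advisory. */
    const char *samples[] = { "alice", "media.box", "bob;cmd", "-root", "a b", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               samba_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The two controls are deliberately independent: the allow-list stops hostile names at the CGI boundary, and the argv-based exec means that even a name that slipped past validation would reach the helper as data, not as shell syntax. Restricting who can reach prog.cgi, as the recommendations above suggest, is a third layer in front of both.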
Affected Products
D-Link Dir-822