CVE-2024-33112

Name of the Vulnerable Software and Affected Versions D-Link DIR-845L router version 1.01KRb03 and before

Description The issue is related to a command injection vulnerability via the hnap main() function. This vulnerability is associated with the failure to neutralize special elements used in the operating system command when processing the purenetworks.com/HNAP1/GetDeviceSettings string in the SOAPAction header. Exploitation of this issue may allow a remote attacker to bypass security restrictions and execute arbitrary commands. There has been a recent spike in botnet activity from FICORA and CAPSAICIN targeting D-Link devices, exploiting this vulnerability.

Recommendations For D-Link DIR-845L router version 1.01KRb03 and before, as a temporary workaround, consider disabling the hnap main() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the parameter related to the purenetworks.com/HNAP1/GetDeviceSettings string in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.