CVE-2024-39962

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router version v21 D240126

Description The issue is related to a remote code execution vulnerability in the ntp zone val parameter at the /goform/set ntp API endpoint. This vulnerability can be exploited via a crafted HTTP request, allowing a remote attacker to execute arbitrary code. The vulnerability is due to insufficient input validation in the HTTP Request Handler component of the router's firmware.

Recommendations For D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router version v21 D240126, as a temporary workaround, consider restricting access to the /goform/set ntp API endpoint to minimize the risk of exploitation. Avoid using the ntp zone val parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.