PT-2024-6372 · D Link · D-Link Di-8300

Lyaobol · Published 2024-09-04 · Updated 2024-09-13 · CVE-2024-44410

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DI-8300 version 16.07.26A1

Description: The issue is related to the upgrade filter asp function in the D-Link DI-8300 router's firmware, which does not properly sanitize input data. This can be exploited by a remote attacker to execute arbitrary commands using a GET request. The vulnerability allows for command injection, potentially leading to unauthorized access and control of the device.

Recommendations: For D-Link DI-8300 version 16.07.26A1, consider disabling the upgrade filter asp function until a patch is available to prevent command injection attacks. Restrict access to the device and its management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-07414
CVE-2024-44410

Affected Products

D-Link Di-8300