PT-2024-6374 · D Link · D-Link Di-8300

Lyaobol · Published 2024-09-08 · Updated 2024-09-13 · CVE-2024-44411

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DI-8300 version 16.07.26A1

Description

The issue is in the msp_info_htm function of the D-Link DI-8300 router's firmware, which is vulnerable to command injection. A remote attacker can exploit this vulnerability to execute arbitrary commands using a GET request.

Recommendations

For D-Link DI-8300 version 16.07.26A1, consider disabling the msp_info_htm function until a patch is available to prevent command injection attacks. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the msp_info_htm function in API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-07416
CVE-2024-44411

Affected Products

D-Link Di-8300