PT-2024-6438 · D Link · Di-7100Gv2+4

Swind1Er · Published 2024-09-09 · Updated 2024-09-09 · CVE-2024-44333

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DI-7003GV2 version 24.04.18D1
D-Link DI-7100G+V2 version 24.04.18D1
D-Link DI-7100GV2 version 24.04.18D1
D-Link DI-7200GV2 version 24.04.18E1
D-Link DI-7300G+V2 version 24.04.18D1
D-Link DI-7400G+V2 version 24.04.18D1

Description

The issue concerns a Remote Command Execution vulnerability in the CGI function responsible for handling usb paswd.asp. The vulnerability exists because special elements used in an operating system command are not neutralized. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function. This may allow a remote attacker to execute arbitrary commands, potentially leading to unauthorized access and system compromise.

Recommendations

For D-Link DI-7003GV2 version 24.04.18D1, restrict access to the CGI function responsible for handling usb paswd.asp to minimize the risk of exploitation.
For D-Link DI-7100G+V2 version 24.04.18D1, restrict access to the CGI function responsible for handling usb paswd.asp to minimize the risk of exploitation.
For D-Link DI-7100GV2 version 24.04.18D1, restrict access to the CGI function responsible for handling usb paswd.asp to minimize the risk of exploitation.
For D-Link DI-7200GV2 version 24.04.18E1, restrict access to the CGI function responsible for handling usb paswd.asp to minimize the risk of exploitation.
For D-Link DI-7300G+V2 version 24.04.18D1, restrict access to the CGI function responsible for handling usb paswd.asp to minimize the risk of exploitation.
For D-Link DI-7400G+V2 version 24.04.18D1, patch immediately and restrict CGI access, then audit logs for signs of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-07523
CVE-2024-44333

Affected Products

Di-7003Gv2
Di-7100Gv2
Di-7200Gv2
Di-7300G+V2
Di-7400G+V2