CVE-2024-44402

Name of the Vulnerable Software and Affected Versions D-Link DI-8100G version 17.12.20A1

Description The issue is related to the msp info.htm file of the D-Link DI-8100G network device, which fails to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to bypass security restrictions and execute arbitrary commands.

Recommendations For D-Link DI-8100G version 17.12.20A1, consider restricting access to the msp info.htm file as a temporary workaround until a patch is available. Avoid using the msp info.htm file in the affected device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.