CVE-2024-44334

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 D-Link DI-7100G+V2 version 24.04.18D1 D-Link DI-7100GV2 version 24.04.18D1 D-Link DI-7200GV2 version 24.04.18E1 D-Link DI-7300G+V2 version 24.04.18D1 D-Link DI-7400G+V2 version 24.04.18D1

Description: The issue is related to insufficient checking of arguments passed to a command in the CGI function of D-Link router software. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is due to insufficient parameter filtering in the CGI handling function of the upgrade filter.asp file.

Recommendations: For D-Link DI-7003GV2 version 24.04.18D1, consider disabling the upgrade filter.asp function until a patch is available. For D-Link DI-7100G+V2 version 24.04.18D1, restrict access to the vulnerable CGI handling function to minimize the risk of exploitation. For D-Link DI-7100GV2 version 24.04.18D1, avoid using the vulnerable upgrade filter.asp file in the CGI function until the issue is resolved. For D-Link DI-7200GV2 version 24.04.18E1, temporarily disable the upgrade filter.asp function to prevent remote command execution. For D-Link DI-7300G+V2 version 24.04.18D1, restrict access to the upgrade filter.asp file to minimize the risk of exploitation. For D-Link DI-7400G+V2 version 24.04.18D1, consider disabling the vulnerable CGI function until a patch is available.