PT-2024-6519 · D-Link · Di-7003G and 5 more
Swind1Er · Published 2024-09-09 · Updated 2024-09-09
CVE-2024-44335
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
D-Link DI-7003G version 19.12.24A1
D-Link DI-7003GV2 version 24.04.18D1
D-Link DI-7100G+V2 version 24.04.18D1
D-Link DI-7100GV2 version 24.04.18D1
D-Link DI-7200GV2 version 24.04.18E1
D-Link DI-7300G+V2 version 24.04.18D1
D-Link DI-7400G+V2 version 24.04.18D1
Description:
The issue is related to insufficient argument checking in the version upgrade.asp function of D-Link router firmware, allowing remote command execution. This can enable a remote attacker to execute arbitrary commands.
Recommendations:
For D-Link DI-7003G version 19.12.24A1, consider disabling access to the version upgrade.asp page until a patch is available.
For D-Link DI-7003GV2 version 24.04.18D1, restrict access to the version upgrade.asp function to minimize the risk of exploitation.
For D-Link DI-7100G+V2 version 24.04.18D1, avoid using the version upgrade.asp page in production environments until the issue is resolved.
For D-Link DI-7100GV2 version 24.04.18D1, limit access to the version upgrade.asp function to trusted users only.
For D-Link DI-7200GV2 version 24.04.18E1, disable the version upgrade.asp function temporarily as a workaround.
For D-Link DI-7300G+V2 version 24.04.18D1, restrict the use of the version upgrade.asp page to administrative tasks only.
For D-Link DI-7400G+V2 version 24.04.18D1, consider applying configuration changes to limit the exposure of the version upgrade.asp function.
Fix
Command Injection
Affected Products
Di-7003G
Di-7003Gv2
Di-7100Gv2
Di-7200Gv2
Di-7300G+V2
Di-7400G+V2