CVE-2024-48630

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08

Description A command injection issue exists in the SetMACFilters2 function due to insufficient neutralization of special elements used in an OS command. This allows attackers to execute arbitrary OS commands via a crafted POST request to the MacAddress parameter.

Recommendations For D-Link DIR-882 version FW130B06, consider disabling the SetMACFilters2 function until a patch is available. For D-Link DIR-878 version FW130B08, restrict access to the MacAddress parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, avoid using the MacAddress parameter in the SetMACFilters2 function until a fix is provided.