CVE-2024-48632

Name of the Vulnerable Software and Affected Versions D-Link DIR-878 version DIR 878 FW130B08 D-Link DIR-882 version DIR 882 FW130B06

Description The issue exists due to the lack of neutralization of special elements used in the operating system command in the SetPortForwardingSettings() function of the prog.cgi script in D-Link DIR-878 and DIR-882 routers. This allows a remote attacker to execute arbitrary commands by sending a specially crafted POST request. The vulnerability is exploited via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function.

Recommendations For D-Link DIR-878 version DIR 878 FW130B08, avoid using the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function until a patch is available. For D-Link DIR-882 version DIR 882 FW130B06, avoid using the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function until a patch is available. As a temporary workaround, consider disabling the SetPortForwardingSettings() function until a patch is available.