CVE-2024-48631

Name of the Vulnerable Software and Affected Versions D-Link DIR 882 versions FW130B06 D-Link DIR 878 version FW130B08

Description A command injection issue exists in the SetWLanRadioSettings function due to insufficient neutralization of special elements used in an OS command. This allows attackers to execute arbitrary OS commands via a crafted POST request to the SSID parameter.

Recommendations For D-Link DIR 882 version FW130B06, consider disabling the SetWLanRadioSettings function until a patch is available. For D-Link DIR 878 version FW130B08, restrict access to the SetWLanRadioSettings function to minimize the risk of exploitation. Avoid using the SSID parameter in the affected API endpoint until the issue is resolved.