CVE-2024-48634

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08

Description A command injection issue exists in the SetWLanRadioSecurity function due to insufficient neutralization of special elements used in an OS command. This allows attackers to execute arbitrary OS commands via a crafted POST request to the vulnerable key parameter.

Recommendations For D-Link DIR-882 version FW130B06, consider disabling the SetWLanRadioSecurity() function until a patch is available. For D-Link DIR-878 version FW130B08, restrict access to the SetWLanRadioSecurity() function to minimize the risk of exploitation. Avoid using the key parameter in the affected API endpoint until the issue is resolved.