CVE-2024-48629

Name of the Vulnerable Software and Affected Versions: D-Link DIR 882 versions FW130B06 D-Link DIR 878 version FW130B08 D-Link DIR-822 (affected versions not specified)

Description: A command injection issue exists via the IPAddress parameter in the SetGuestZoneRouterSettings function, allowing attackers to execute arbitrary OS commands through a crafted POST request. This is due to the lack of proper neutralization of special elements used in the operating system command. The vulnerability can be exploited by a remote attacker to execute arbitrary commands.

Recommendations: For D-Link DIR 882 version FW130B06, consider disabling the SetGuestZoneRouterSettings function until a patch is available. For D-Link DIR 878 version FW130B08, restrict access to the IPAddress parameter in the SetGuestZoneRouterSettings function to minimize the risk of exploitation. For D-Link DIR-822, at the moment, there is no information about a newer version that contains a fix for this vulnerability.