CVE-2024-11046

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.16A1

Description A critical issue has been identified, affecting the function upgrade filter asp of the file /upgrade filter.asp. The manipulation of the argument path leads to os command injection. This issue can be exploited remotely. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For D-Link DI-8003 version 16.07.16A1, as a temporary workaround, consider disabling the upgrade filter asp function until a patch is available. Restrict access to the /upgrade filter.asp file to minimize the risk of exploitation. Avoid using the path argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.