CVE-2024-52739

Name of the Vulnerable Software and Affected Versions D-LINK DI-8400 version 16.07.26A1

Description The issue is related to the msp info htm function in the D-LINK DI-8400 router's firmware, which does not properly neutralize special elements used in a command. This can be exploited by a remote attacker to execute arbitrary commands when the function processes the flag and cmd parameters.

Recommendations For D-LINK DI-8400 version 16.07.26A1, as a temporary workaround, consider disabling the msp info htm function until a patch is available. Restrict access to the parameters flag and cmd to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.