CVE-2024-57595

Name of the Vulnerable Software and Affected Versions D-Link DIR-825 REVB version 2.03

Description The issue concerns an OS command injection vulnerability in the CGl interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to the apc client pin.cgi binary through a POST request to the /apc client pin.cgi endpoint. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command when processing the wps pin parameter.

Recommendations For D-Link DIR-825 REVB version 2.03, as a temporary workaround, consider disabling the apc client pin.cgi function until a patch is available. Restrict access to the apc client pin.cgi interface to minimize the risk of exploitation. Avoid using the wps pin parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.