D-Link DIR-823X set_wifi_blacklists uci_set command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

在命令中使用的特殊元素转义处理不恰当(命令注入)

D-Link DIR-823X 命令注入漏洞

D-Link DIR-823X是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-823X 250416版本存在命令注入漏洞，该漏洞源于文件/goform/set_wifi_blacklists中函数uci_set存在命令注入漏洞，可能导致远程命令执行。

N/A

N/A