
Authenticated Remote Command Execution in D-Link DIR-823X

Advisory No: TZCERT/SA/2024/07/26-4

Date of First Release: 26th July 2024

Source: D-Link

Software Affected: DIR-823X – Firmware v240126

Overview:

The affected firmware version of the D-Link DIR-823X is vulnerable to remote command execution. An attacker can leverage the vulnerability to take control of the affected device.

Description:

DIR-823X Hardware Revision Ax, Firmware version 240126 is affected by a LAN-side authenticated remote command execution vulnerability resulting from improper handling of the ntp_zone_val field in the CGI request for /goform/set_ntp by the web server. An authenticated attacker on the LAN can craft a malicious ntp_zone_val field and send a malicious HTTP request to the /goform/set_ntp CGI, leading to command execution with administrator privileges on the firmware file system.
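As an added, defender-side illustration (not code from D-Link or from this advisory): the allowlist check below shows the strict validation the ntp_zone_val field needs, and a scan over constructed request-log lines flags /goform/set_ntp requests whose value would fail it. The offset format and the log line format are both assumptions, since the advisory documents neither.

```python
import re
from urllib.parse import parse_qs

# Assumption (the advisory does not document the field's format): a legitimate
# ntp_zone_val is an integer UTC offset in hours, e.g. "0", "+3", "-5".
# Replace ZONE_PATTERN with the device's real format before relying on this.
ZONE_PATTERN = re.compile(r"[+-]?(?:1[0-4]|[0-9])")

# Characters a time-zone value never needs, but that an OS command built
# from the field would interpret.
SHELL_METACHARS = set(";|&`$(){}<>\n\r'\"\\")

# Constructed log format (not the router's own): client "METHOD path" body
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (.*)$')


def ntp_zone_val_is_valid(value: str) -> bool:
    """Allowlist check: the whole value must be an integer UTC offset."""
    return ZONE_PATTERN.fullmatch(value) is not None


def flag_set_ntp_requests(log_lines):
    """Return (line_no, client, value, reason) for every /goform/set_ntp
    request whose ntp_zone_val would fail the allowlist check."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, path, body = m.groups()
        if path != "/goform/set_ntp":
            continue
        params = parse_qs(body, keep_blank_values=True)
        values = params.get("ntp_zone_val")
        if not values:
            findings.append((line_no, client, "", "ntp_zone_val missing"))
            continue
        value = values[0]
        if ntp_zone_val_is_valid(value):
            continue
        bad = sorted(c for c in value if c in SHELL_METACHARS)
        reason = ("shell metacharacters " + "".join(bad)) if bad else "not an offset"
        findings.append((line_no, client, value, reason))
    return findings


# Constructed sample traffic; line 3 carries a value that is not an offset
# and contains a command separator, so it is the one the scan should flag.
SAMPLE_LOG = [
    '192.0.2.10 "POST /goform/set_ntp" ntp_server=pool.ntp.org&ntp_zone_val=%2B3',
    '192.0.2.10 "POST /goform/set_ntp" ntp_server=pool.ntp.org&ntp_zone_val=0',
    '192.0.2.44 "POST /goform/set_ntp" ntp_server=pool.ntp.org&ntp_zone_val=%2B3%3Bx',
    '192.0.2.10 "GET /goform/sysinfo" ',
]
```

Running `flag_set_ntp_requests(SAMPLE_LOG)` reports only the third line, with the decoded value and the offending character.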

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected device.

Solution:

D-Link has released a hotfix for this vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10404
