Authenticated Remote Command Execution in D-Link DIR-823X

Published On: Aug 16, 2024 18:36

Advisory No: TZCERT-SA-24-0011

Source: DIR-823X - Firmware v240126

Software Affected: DIR-823X - Firmware v240126

Overview

The firmware version in the D-Link device is vulnerable to a remote command execution vulnerability. The attackers can leverage the vulnerability to take control of the affected device.

Description

DIR-823X Hardware Revision Ax, Firmware version 240126 is affected by a LAN-Side authenticated remote command execution vulnerability resulting from improper handling of the ntp_zone_val field in the CGI request for /goform/set_ntp by the web server. craft a malicious ntp_zone_val field and send a malicious HTTP request to the /goform/set_ntp CGI, leading to command execution with administrator privileges on the firmware file system.

Impact

Successful exploitation of this vulnerability may allow an attacker to take control of the affected device.

Solution

D-Link has released a hotfix for this vulnerability. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident