DIR-878: Rev Ax Command Injection vulnerability via the component /bin/proc.cgi
27 Oktober, 2022
On October 17, 2022, a 3rd party security researcher reported the D-Link DIR-878 hardware revision Ax with firmware version 1.30B08 Hotfix_04 as having three specific command injection vulnerabilities.
As soon as D-Link was made aware of the reported security issues, we had promptly started our investigation and began developing security patches.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
- Reported by 黄培扬 payoung _at_ sjtu _dot_ edu _dot_ cn
- CVE-2022-43184 - Command injection vulnerability via the component /bin/proc.cgi.
- Exploit 1 - Link
- Exploit 2 - Link
- Exploit 3 - Link
|Model||Hardware Revision||Region||Affected FW||Fixed FW||Recommendation||Last Updated|
|DIR-878||All A Hardware Revisions||US||1.30B08 Hotfix_04& Below||v1.30B08.4b_Beta_Hotfix
||Upgrade to Hofix Patch