Command Injection Vulnerability in D-Link DIR-816 A2 Devices
CVE-2018-17063
9.8CRITICAL
What is CVE-2018-17063?
A security flaw has been identified in the D-Link DIR-816 A2 devices that allows for command injection through a vulnerable HTTP request. Specifically, the issue arises within the command string construction in the /goform/NTPSyncWithHost route, where shell metacharacters can be utilized to execute arbitrary commands. This vulnerability poses a significant security risk, as it may allow an attacker to gain unauthorized access and control over the affected systems.