Command Injection Vulnerability in D-Link DIR-816 Devices
CVE-2018-17068
9.8CRITICAL
What is CVE-2018-17068?
A command injection vulnerability has been identified in the D-Link DIR-816 A2 version 1.10 B05. This vulnerability stems from the mishandling of an HTTP request parameter within the handler function of the /goform/Diagnosis route. An attacker could exploit this flaw by injecting shell metacharacters in the sendNum parameter, potentially enabling unauthorized command execution on the affected device.