Command Injection Vulnerability in D-Link DIR-878 Devices
CVE-2019-8313
8.8HIGH
What is CVE-2019-8313?
A command injection vulnerability exists in D-Link DIR-878 devices running firmware version 1.12A1. This flaw allows an attacker to execute arbitrary operating system commands remotely by crafting a malicious /HNAP1 POST request. The vulnerability manifests in the SetIPv6FirewallSettings API function, where untrusted input is mishandled, leading to potential unauthorized command execution. Users are advised to review their firmware version and implement necessary security measures to mitigate this risk.