Command Injection Vulnerability in D-Link DIR-878 Router
CVE-2019-8317
8.8HIGH
What is CVE-2019-8317?
A command injection vulnerability in D-Link DIR-878 devices allows remote attackers to execute arbitrary code and gain root access. This issue arises due to improper handling of untrusted input in the HNAP API, specifically the SetStaticRouteIPv6Settings function. Attackers can exploit this vulnerability by sending crafted POST requests containing shell metacharacters, leading to unauthorized command execution on the affected device.