Command Injection Vulnerability in D-LINK DIR-859 Router
CVE-2023-39638
9.8CRITICAL
What is CVE-2023-39638?
A command injection vulnerability was discovered in the D-LINK DIR-859 router models A1 1.05 and A1 1.06B01 Beta01. This issue arises from improper handling in the lxmldbc_system function located at /htdocs/cgibin, allowing an attacker to execute arbitrary commands on the device. If exploited, this vulnerability could compromise the router's integrity and lead to unauthorized access, posing a significant risk to users' network security. To mitigate this vulnerability, users are advised to update their products to the latest available firmware and follow security best practices.