CVE-2024-57595 Information

Description

D-Link DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the "wps_pin" parameter passed to the apc_client_pin.cgi binary through a POST request.

Reference

https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md

https://www.dlink.com/en/security-bulletin/
