CVE-2023-43129
Description
Command injection in D-LINK DIR-806 router via lax REMOTE_PORT filtering allows unauthenticated attackers to execute OS commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A command injection vulnerability exists in the D-LINK DIR-806 1200M11AC wireless router, specifically in firmware version DIR806A1_FW100CNb11. The bug is located in the handling of the REMOTE_PORT parameter; the router’s HTTP management interface fails to properly filter or sanitize user-supplied input to this parameter before passing it to a system command. No authentication is required to reach the vulnerable code path. [1]
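The missing check described above, sketched as an added example (not D-Link's firmware code and not taken from the advisory): an allowlist parser that accepts REMOTE_PORT only as a decimal port number and passes on a re-serialized integer instead of the raw string. The function names `parse_port` and `safe_port_arg` are hypothetical, and the sample inputs are constructed; how the real firmware consumes the value is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Parse a port from untrusted text.
 * Accepts only 1-5 ASCII digits with a value in 1..65535. Returns 0 on
 * success, -1 on anything else (empty, signs, spaces, shell metacharacters). */
int parse_port(const char *s, unsigned *out)
{
    size_t len;
    unsigned long v = 0;

    if (s == NULL || out == NULL)
        return -1;
    len = strlen(s);
    if (len == 0 || len > 5)
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;                      /* reject on first non-digit */
        v = v * 10 + (unsigned long)(s[i] - '0');
    }
    if (v < 1 || v > 65535)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Hypothetical handler step: write the validated port into a fixed buffer.
 * Only the re-serialized integer reaches later code, never the raw input. */
int safe_port_arg(const char *raw, char *buf, size_t buflen)
{
    unsigned port;
    if (parse_port(raw, &port) != 0)
        return -1;
    int n = snprintf(buf, buflen, "%u", port);
    return (n > 0 && (size_t)n < buflen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "8080", "00080", "0", "65536", "80;x", "$(x)", " 80", "" };
    char arg[8];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i],
               safe_port_arg(samples[i], arg, sizeof arg) == 0 ? arg : "rejected");
    return 0;
}
```

Validation of this kind belongs alongside, not instead of, invoking helper programs with an argument vector rather than a shell command string.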
Exploitation
An unauthenticated attacker with network access to the router’s web management interface can send a crafted HTTP request containing malicious shell metacharacters (e.g., semicolons, pipes, or command substitution) in the REMOTE_PORT parameter. The router then executes the injected operating system commands with the privileges of the web server process. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary OS commands on the router. This can lead to full compromise of the device, including disclosure of sensitive data (e.g., Wi-Fi credentials), modification of router configuration, denial of service, or using the router as a pivot for further attacks on the local network. [1]
Mitigation
As of the publication date, D-Link has not released a firmware update to fix this vulnerability. The vendor’s support page [1] is the official channel for future updates. Users should monitor that page for a patched firmware version. In the absence of a patch, administrators should restrict access to the router’s web interface to trusted networks only, disable remote management if not needed, and consider isolating the router from untrusted devices. The device may have reached end-of-life status; if no fix becomes available, replacement with a supported model is recommended. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- D-LINK/DIR-806 1200M11AC wireless router
Patches
No patches discovered yet.
References (2)