DIR-878: Rev Ax Command Injection vulnerability via the component /bin/proc.cgi
27 October, 2022
On October 17, 2022, a third-party security researcher reported the D-Link DIR-878 hardware revision Ax with firmware version 1.30B08 Hotfix_04 as having three specific command injection vulnerabilities.
As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and began developing security patches.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
Report information
- Reported by 黄培扬 payoung _at_ sjtu _dot_ edu _dot_ cn
- CVE-2022-43184 - Command injection vulnerability via the component /bin/proc.cgi.
- Exploit 1 - Link
- Exploit 2 - Link
- Exploit 3 - Link
           
Affected Models
| Model | Hardware Revision | Region | Affected FW | Fixed FW | Recommendation | Last Updated |
| --- | --- | --- | --- | --- | --- | --- |
| DIR-878 | All A Hardware Revisions | US | 1.30B08 Hotfix_04 & Below | v1.30B08.4b_Beta_Hotfix | Upgrade to Hotfix Patch | 10/27/2022 |