CVE-2018-17787
https://notcve.org/view.php?id=CVE-2018-17787
On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. • https://xz.aliyun.com/t/2834 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-17786
https://notcve.org/view.php?id=CVE-2018-17786
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. • https://xz.aliyun.com/t/2834 • CWE-287: Improper Authentication