Command Injection Vulnerability in D-Link DAP-1650 Devices: Remote Root Command Execution

Command Injection Vulnerability in D-Link DAP-1650 Devices: Remote Root Command Execution

CVE-2024-23625 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Learn more about our Web Application Penetration Testing UK.