Embedded Files
We have identified a vulnerability in the following products, specifically a command injection vulnerability within the parsing logic of the 'service' parameter in gena.cgi. This vulnerability is similar to CVE-2023-34800, which was found in the D-Link Go-RT-AC750 revA_v101b03.
We just show legacy products that are affected.
Affected products: (EOL/EOS)
DIR-300, DIR-600, DIR-645, DIR-803, DIR-815, DIR-816L, DIR-817LW, DIR-818LW, DIR-820LW, DIR-850L, DIR-860L, DIR-868L, DIR-880L, DIR-890L, DIR-859 (CVE-2019-17621), DIR-845L(CVE-2022-36756)
Note that the vulnerability existed in DIR-859 AND DIR-845 have been revealed, but not revealed in other models.
Affected models and firmware versions
DIR-300 DIR_300_fw_revb1_214b01_ALL_en_20130430_instructions !!!uk end of life
DIR-300 DIR-300_fw_revb_214b01_ALL_20130206 !!! uk end of life
DIR-600 DIR-600_Fw_2.18
DIR-600 DIR-600_fw_revB5_2-15B02_all_en_20130319
DIR-600B5 DIR-600B5_FW216WWb05
DIR-645 DIR-645_REVA_FIRMWARE_PATCH_v1.06B01_BETA02
DIR-645 DIR-645_REVA_FIRMWARE_PATCH_1.06.B01
DIR-803 DIR-803_REVA_FIRMWARE_1.04.B02
DIR-815 DIR-815_REVB_FIRMWARE_PATCH_2.07.B01
DIR-816L DIR-816L_REVB_FIRMWARE_PATCH_2.06.B09_BETA
DIR-817LW DIR-817LW_REVA_FIRMWARE_PATCH_1.04.B04_H4E_BETA
DIR-818LW DIR-818LW_REVA_FIRMWARE_PATCH_2.05.B03
DIR-820LW DIR-820LW_REVB_FIRMWARE_PATCH_2.03.B01_TC DIR-820L !!!DIR-820L legacy
DIR-850 DIR850L_FW103KRB01
DIR-850 DIR850L_FW115KRb07
DIR850LA1 DIR850LA1_FW106KRb01
DIR-860L DIR-860L_REVA_FIRMWARE_PATCH_v1.11B01_BETA
DIR-860L DIR-860L_REVB_FIRMWARE_2.03.B03
DIR868LA1 DIR868LA1_FW108KRb01
DIR868LA3 DIR868LA3_FW107KRb03
DIR868LB1 DIR868LB1_FW200KRbetab08
DIR-868L DIR-868L_REVB_FIRMWARE_PATCH_2.05B02
DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04_WW
DIR-890L DIR-890L_REVA_FIRMWARE_1.03.B07
Proof of Concept (PoC)
Page updated
Google Sites
Report abuse