CVE-2023-24762 in DIR-867
Summary
by MITRE • 03/13/2023
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 10/26/2025
The CVE-2023-24762 vulnerability represents a critical operating system command injection flaw discovered in D-Link DIR-867 routers running firmware version 1.30B07. This vulnerability exists within the router's HNAP1 (Home Network Access Protocol) implementation, specifically in the SetVirtualServerSettings function where the LocalIPAddress parameter is processed without adequate input validation or sanitization. The flaw allows remote attackers to inject malicious commands that are subsequently executed with the privileges of the router's web server process, potentially leading to complete system compromise. The vulnerability stems from improper handling of user-supplied input within the router's web interface, creating an attack vector that can be exploited without authentication.
The technical exploitation of this vulnerability occurs through the manipulation of the LocalIPAddress parameter within the HNAP1 protocol interface. When an attacker crafts a malicious payload and submits it through the SetVirtualServerSettings endpoint, the router fails to properly validate or sanitize the input before incorporating it into system commands. This injection allows execution of arbitrary operating system commands on the affected device, enabling attackers to gain unauthorized access to the router's underlying operating system. The vulnerability is classified as a command injection flaw under CWE-77, which specifically addresses situations where user-supplied data is directly incorporated into command execution without proper validation or escaping mechanisms.
The operational impact of CVE-2023-24762 is severe and multifaceted, potentially allowing attackers to achieve complete compromise of the affected D-Link DIR-867 routers. Successful exploitation could enable attackers to execute commands such as modifying network configurations, installing malware, accessing sensitive data, or using the compromised device as a pivot point for attacking other systems within the local network. The vulnerability affects the router's core functionality by allowing unauthorized modification of virtual server settings, potentially enabling attackers to redirect traffic or establish backdoors. According to ATT&CK framework, this vulnerability maps to T1059.001 (Command and Scripting Interpreter: PowerShell) and T1068 (Exploitation for Privilege Escalation) techniques, as it allows for command execution and potential privilege escalation within the network infrastructure.
Mitigation strategies for CVE-2023-24762 should prioritize immediate firmware updates from D-Link, as the vendor has released patches addressing this specific vulnerability. Network administrators should implement network segmentation and access controls to limit exposure of affected devices, particularly by blocking external access to the router's web interface and HNAP1 endpoints. Additional protective measures include disabling unnecessary services, implementing strong authentication mechanisms, and monitoring network traffic for suspicious patterns that may indicate exploitation attempts. The vulnerability highlights the importance of input validation and proper sanitization of user-supplied data in network device interfaces, as recommended by industry best practices and security frameworks such as NIST SP 800-144. Organizations should also consider deploying intrusion detection systems to monitor for exploitation attempts targeting this specific vulnerability and maintain comprehensive network monitoring to detect unauthorized changes to router configurations.