Known Vulnerabilities
CVE-2024-23625
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CRITICAL
CVSS 9.6
Published Jan 25, 2024
CVE-2024-23624
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
CRITICAL
CVSS 9.6
Published Jan 25, 2024