cvedb.io
CVE-2023-24762
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2023-03-13T14:15:12.820 · Last modified 2026-06-17T05:39:49.973

Summary

OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.

Affected products

dlink — dir-867_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when dlink ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.