CVE-2024-51023 is a command injection vulnerability identified in the D-Link DIR_823G router firmware version 1.0.2B05. The vulnerability resides in the SetNetworkTomographySettings function, specifically in the Address parameter, which fails to properly validate or sanitize input. This allows an unauthenticated remote attacker to inject arbitrary OS commands by sending specially crafted requests to the device's management interface. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 base score is 8.8, indicating high severity, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The flaw enables attackers to execute commands with the privileges of the affected service, potentially leading to full device compromise, data theft, network disruption, or pivoting to internal networks. No official patches or updates have been released at the time of publication, and no exploits have been reported in the wild. The vulnerability highlights the risk of insufficient input validation in embedded device management interfaces, a common attack vector in IoT and network hardware.

The impact of CVE-2024-51023 is significant for organizations and individuals using the D-Link DIR_823G router. Successful exploitation can lead to complete compromise of the device, allowing attackers to execute arbitrary commands with high privileges. This can result in unauthorized access to network traffic, interception of sensitive data, disruption of network availability, and use of the device as a foothold for further attacks within internal networks. The vulnerability affects confidentiality, integrity, and availability simultaneously, making it a critical risk in environments where these routers are deployed. Enterprises relying on these routers for network connectivity or segmentation may face operational disruptions and data breaches. Additionally, compromised routers can be leveraged in botnets or for launching attacks against other targets, amplifying the threat. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks if the device is exposed to untrusted networks.

1. Immediately restrict access to the router's management interface by limiting it to trusted internal networks and disabling remote management features if not required. 2. Implement network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data. 3. Monitor network traffic and device logs for unusual or unauthorized commands and access attempts targeting the SetNetworkTomographySettings function or the Address parameter. 4. Apply any available firmware updates or patches from D-Link as soon as they are released. 5. If no patch is available, consider replacing affected devices with models that have updated firmware or better security posture. 6. Employ intrusion detection/prevention systems (IDS/IPS) to detect and block exploitation attempts targeting this vulnerability. 7. Educate network administrators about the risks of exposing device management interfaces to untrusted networks and enforce strong network access controls. 8. Regularly audit device configurations to ensure no unnecessary services or interfaces are exposed externally.