Login Sign Up

CVE-2023-50205

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers on the same network to execute arbitrary commands as root on D-Link G416 routers without authentication. The flaw exists in the HTTP service on port 80 where user input isn't properly sanitized before being used in system commands. All users of affected D-Link G416 routers are at risk.

💻 Affected Systems

Products:
  • D-Link G416 router
Versions: All versions prior to patched firmware
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: HTTP service on port 80 is enabled by default. No authentication required for exploitation.

📦 What is this software?

G416 Firmware by Dlink

View all CVEs affecting G416 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with root access, allowing attackers to intercept/modify all network traffic, install persistent malware, pivot to internal network devices, or brick the device.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, or deployment of botnet malware.

🟢

If Mitigated

Limited impact if router is isolated from critical systems and network segmentation prevents lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI published technical details and proof-of-concept. Exploitation requires network adjacency but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for latest firmware

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10367

Restart Required: Yes

Instructions:

1. Visit D-Link support site. 2. Download latest firmware for G416. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable HTTP service

all

Disable the vulnerable HTTP service on port 80 if not needed

Router-specific: Check admin interface for service disable options

Network segmentation

all

Isolate router from critical internal networks

🧯 If You Can't Patch

  • Replace affected router with patched or different model
  • Implement strict network access controls to limit who can reach router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version against vendor advisory. If unable to patch, test with ZDI PoC in isolated environment.

Check Version:

Router-specific: Log into admin interface and check firmware version in system status

Verify Fix Applied:

Verify firmware version matches patched version in vendor advisory. Test that HTTP service no longer accepts malicious chmod commands.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to router on port 80 containing chmod commands
  • Multiple failed exploit attempts
  • Unexpected system processes running

Network Indicators:

  • HTTP POST requests with command injection payloads to router port 80
  • Unusual outbound connections from router

SIEM Query:

source_ip="router_ip" AND dest_port=80 AND http_method=POST AND (http_uri CONTAINS "chmod" OR http_body CONTAINS "chmod")

📊 Metadata

CVE ID: CVE-2023-50205
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: May 3, 2024
Last Updated: March 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-50205, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)