CVE-2018-17786

On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt