This Week in Security: BatBadBut, DLink, and Your TV Too

So first up, we have BatBadBut, a pun based on the vulnerability being “about batch files and bad, but not the worst.” It’s a weird interaction between how Windows uses cmd.exe to execute batch files and how argument splitting and character escaping normally works. And what is apparently a documentation flaw in the Windows API.


This is a companion discussion topic for the original entry at https://hackaday.com/2024/04/12/this-week-in-security-batbadbut-dlink-and-your-tv-too/