So first up, we have BatBadBut, a pun based on the vulnerability being “about batch files and bad, but not the worst.” It’s a weird interaction between how Windows uses cmd.exe to execute batch files and how argument splitting and character escaping normally work, along with what is apparently a documentation flaw in the Windows API.
This is a companion discussion topic for the original entry at https://hackaday.com/2024/04/12/this-week-in-security-batbadbut-dlink-and-your-tv-too/