Remote Attacker Can Execute Arbitrary Code via Dlink DIR-816A2 v.1.10CNB05
CVE-2024-24321

9.8 CRITICAL

Key Information:

Vendor: D-Link
CVE Published: 8 February 2024

Summary

A critical vulnerability has been identified in the D-Link DIR-816A2 router (firmware v.1.10CNB05) that enables remote attackers to execute arbitrary code. The flaw lies in how the sub_42DA54 function of the device's firmware handles the wizardstep4_ssid_2 parameter. By manipulating the input supplied for this parameter, an attacker can achieve unauthorized code execution on the router, potentially compromising the device and the network it is connected to. Users are advised to review their firmware versions and take the necessary steps to secure their devices against this vulnerability.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
