Arbitrary Code Execution Vulnerability in DLink DWR 2000M and DWR CPE Products
CVE-2024-28729

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dwr-2000m Firmware
Vendor: CVE Published:; 12 November 2024

Summary

A notable security issue exists within DLink's DWR 2000M 5G CPE With Wifi 6 Ax1800 and the DWR CPE DWR-2000M_1.34ME firmware version. This vulnerability allows a local attacker to leverage this security flaw to execute arbitrary code. The exploitation occurs through specially crafted requests, which could potentially lead to unauthorized access and manipulation of device functionalities. Users of affected products are urged to evaluate their security posture and apply any available mitigations to safeguard against exploitation.

References

https://github.com/Mrnmap/mrnmap-cve

https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-2...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024