D-Link DIR-846W A1 FW100A43 Vulnerable to Remote Command Execution
CVE-2024-44341

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-846w Firmware
Vendor: CVE Published:; 27 August 2024

Summary

A remote command execution (RCE) vulnerability was identified in the D-Link DIR-846W A1 router firmware version FW100A43. This security flaw is triggered by manipulating the lan(0)_dhcps_staticlist parameter through a crafted POST request. Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized control and manipulation of network settings. Users are strongly advised to remain vigilant and implement necessary updates to secure their devices against potential attacks. For further information, refer to D-Link's official security bulletin.

References

https://www.dlink.com/en/security-bulletin/

http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI...

https://github.com/yali-1002/some-poc/blob/main/CVE-2024-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Aug 21, 2024