D-Link DIR-846W RCE Vulnerability Discovered in wl(0).(0)_ssid Parameter
CVE-2024-44342

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-846w Firmware
Vendor: CVE Published:; 27 August 2024

Summary

The D-Link DIR-846W A1 FW100A43 router has a vulnerability that allows remote command execution through improper validation of the wl(0).(0)_ssid parameter. An attacker can leverage this flaw by sending a specially crafted POST request, potentially compromising the router's security. This vulnerability emphasizes the necessity for robust parameter validation mechanisms in network devices to prevent unauthorized access and maintain user data integrity.

References

https://www.dlink.com/en/security-bulletin/

http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI...

https://github.com/yali-1002/some-poc/blob/main/CVE-2024-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Aug 21, 2024