Command Execution Vulnerability in D-Link DI8004W
CVE-2024-44382

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Di 8004w Firmware
Vendor: CVE Published:; 23 August 2024

Summary

A command execution vulnerability exists in the jhttpd upgrade_filter_asp function of the D-Link DI_8004W router. This issue allows attackers to execute arbitrary commands on the affected device, potentially compromising the integrity and confidentiality of the system. Exploiting this vulnerability could lead to unauthorized access and manipulation of the router's configuration. Users of the D-Link DI_8004W should implement security best practices and monitor for any updates from the vendor to mitigate potential risks.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlin...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 21, 2024