D-Link DI-8100G Vulnerable to Command Injection via Upgrade Filter
CVE-2024-44401

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Di-8100g Firmware
Vendor
CVE Published:
6 September 2024

Summary

The D-Link DI-8100G router version 17.12.20A1 has a command injection vulnerability in the sub47A60C function located within the upgrade_filter.asp file. This flaw allows unauthorized commands to be executed on the device, potentially granting attackers remote control over its functionalities. Users of this router model are urged to review their security measures. Implementing network segmentation, regular firmware updates, and monitoring device logs can help safeguard against exploit attempts related to this vulnerability.

References

https://github.com/lonelylonglong/openfile-/blob/main/D-l...
https://github.com/lonelylonglong/openfile-/blob/main/D-l...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.