Command Injection Vulnerability in D-Link DI-8300 Router
CVE-2024-44411

Currently unrated

Key Information:

Vendor: D-Link
Status: DI-8300
Vendor: CVE Published:; 9 September 2024

What is CVE-2024-44411?

The D-Link DI-8300 router running firmware version 16.07.26A1 is susceptible to a command injection vulnerability. This flaw exists in the msp_info_htm function, allowing an attacker to execute arbitrary commands on the device by injecting crafted input. Exploitation of this vulnerability could lead to unauthorized access and control over the affected system, making it crucial for users to implement necessary updates and security measures.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-830...

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Aug 21, 2024