Command Injection Vulnerability in DI_8200-16.07.26A1 by D-Link
CVE-2024-44413

Currently unrated

Key Information:

Vendor
D-Link
Status
DI_8200-16.07.26A1
Vendor
CVE Published:
11 October 2024

Summary

A command injection vulnerability has been identified in D-Link's DI_8200-16.07.26A1 firmware, specifically within the upgrade_filter_asp function in the upgrade_filter.asp script. By manipulating the path parameter, an attacker could potentially execute arbitrary commands on the affected device, compromising its integrity and exposing sensitive information. This highlights the need for robust input validation mechanisms to prevent such exploitation.

References

https://github.com/IotChan/cve/blob/main/dlink/di-8300/di...
https://github.com/IotChan/cve/blob/main/dlink/di-8300/CV...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-44413 : Command Injection Vulnerability in DI_8200-16.07.26A1 by D-Link | SecurityVulnerability.io