Command Injection Vulnerability in D-Link Routers
CVE-2024-48629

Currently unrated

Key Information:

Vendor

D-Link

Vendor
CVE Published:
17 October 2024

What is CVE-2024-48629?

A command injection vulnerability exists in D-Link's DIR_882_FW130B06 and DIR_878_FW130B08 routers, specifically in the SetGuestZoneRouterSettings function. Through manipulation of the IPAddress parameter, attackers can execute arbitrary operating system commands via a specially crafted POST request, potentially compromising the integrity and security of the affected devices.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.