Command Injection Vulnerability in D-Link Routers
CVE-2024-48629
Currently unrated
Key Information:
- Vendor
D-Link
- Vendor
- CVE Published:
- 17 October 2024
What is CVE-2024-48629?
A command injection vulnerability exists in D-Link's DIR_882_FW130B06 and DIR_878_FW130B08 routers, specifically in the SetGuestZoneRouterSettings function. Through manipulation of the IPAddress parameter, attackers can execute arbitrary operating system commands via a specially crafted POST request, potentially compromising the integrity and security of the affected devices.