Command Injection Vulnerability in D-Link Routers
CVE-2024-48633
Currently unrated
Summary
D-Link DIR-882 and DIR-878 router firmware versions contain multiple command injection vulnerabilities. Attackers can exploit these flaws by sending crafted POST requests that target parameters such as ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress in the SetVirtualServerSettings function. Successful exploitation could result in arbitrary command execution on the operating system, presenting significant security risks to the impacted devices.
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved