Command Injection Vulnerability in D-Link Routers
CVE-2024-48635
Currently unrated
Key Information:
- Vendor
D-Link
- Vendor
- CVE Published:
- 17 October 2024
What is CVE-2024-48635?
A command injection vulnerability has been identified in D-Link's DIR_882_FW130B06 and DIR_878_FW130B08 models. Attackers can exploit this flaw via the VLANID:2/VID parameter in the SetVLANSettings function, potentially allowing for the execution of arbitrary operating system commands through a specially crafted POST request. This poses significant risks to users, emphasizing the need for prompt security updates and vigilance.