Command Injection Vulnerability in D-Link Routers
CVE-2024-48636

Currently unrated

Key Information:

Vendor: D-Link
CVE Published: 17 October 2024

Summary

D-Link DIR-882 and DIR-878 routers are susceptible to a command injection vulnerability due to improper handling of the VLANID:0/VID parameter in the SetVLANSettings function. This security flaw can be exploited by attackers who craft malicious POST requests, allowing them to execute arbitrary operating system commands remotely. To protect your network, it is crucial to apply necessary security patches and follow best practices in network configuration.

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
