D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
CVE-2024-5291

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir-2150 Firmware
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-5291?

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.zerodayinitiative.com/advisories/ZDI-24-442/

Timeline

Vulnerability published
May 23, 2024

JSON

D-Link

What is CVE-2024-5291?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.