Command Injection Vulnerability in D-Link Network Attached Storage Products
CVE-2024-7922

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Dns-120 Firmware
Vendor: CVE Published:; 19 August 2024

What is CVE-2024-7922?

A command injection vulnerability has been identified in several D-Link Network Attached Storage (NAS) products, impacting the myMusic.cgi script. The vulnerability allows remote attackers to exploit several functions, including cgi_audio_search, cgi_create_playlist, and cgi_get_tracks_list. This risk arises from improper validation of user input, enabling attackers to execute arbitrary commands on the affected devices. Notably, only products no longer supported by D-Link are at risk, and users are advised to retire and replace these systems as they are vulnerable to exploitation. Public disclosure of this vulnerability intensifies the urgency for remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.275108

https://vuldb.com/?ctiid.275108

https://vuldb.com/?submit.391669

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 19, 2024

JSON

Dell

What is CVE-2024-7922?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.