CVE-2024-8128
Essential information
- Published
- 24/08/2024 12:15
- Modified
- 27/08/2024 15:32
- Author
- —
- Creator
- —
- CVSS
- 9.8 CRITICAL (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| dlink / dns-1550-04 firmware | cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1550-04 | cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:* |
| dlink / dns-1200-05 firmware | cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1200-05 | cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:* |
| dlink / dns-1100-4 firmware | cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1100-4 | cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:* |
| dlink / dns-726-4 firmware | cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-726-4 | cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:* |
| dlink / dns-345 firmware | cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-345 | cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:* |
| dlink / dns-343 firmware | cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-343 | cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:* |
| dlink / dns-340l firmware | cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-340l | cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* |
| dlink / dnr-326 firmware | cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-326 | cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:* |
| dlink / dns-327l firmware | cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-327l | cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:* |
| dlink / dns-326 firmware | cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-326 | cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:* |
| dlink / dns-325 firmware | cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-325 | cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* |
| dlink / dns-323 firmware | cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-323 | cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:* |
| dlink / dnr-322l firmware | cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-322l | cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:* |
| dlink / dns-321 firmware | cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-321 | cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:* |
| dlink / dns-320lw firmware | cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320lw | cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* |
| dlink / dns-320l firmware | cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320l | cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:* |
| dlink / dns-320 firmware | cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320 | cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* |
| dlink / dns-315l firmware | cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-315l | cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:* |
| dlink / dnr-202l firmware | cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-202l | cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:* |
| dlink / dns-120 firmware | cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-120 | cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:* |