216.73.216.215

CVE-2024-8128

· Published 24/08/2024 12:15 · Modified 27/08/2024 15:32

Labels: CVE-2024-8128 2024-08-24CVE-2024-8128CWE-77CWE-78[email protected]

Essential information

Published
24/08/2024 12:15
Modified
27/08/2024 15:32
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dlink / dns-1550-04 firmware cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*
dlink / dns-1550-04 cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*
dlink / dns-1200-05 firmware cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*
dlink / dns-1200-05 cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*
dlink / dns-1100-4 firmware cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*
dlink / dns-1100-4 cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*
dlink / dns-726-4 firmware cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*
dlink / dns-726-4 cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*
dlink / dns-345 firmware cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*
dlink / dns-345 cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*
dlink / dns-343 firmware cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*
dlink / dns-343 cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*
dlink / dns-340l firmware cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*
dlink / dns-340l cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*
dlink / dnr-326 firmware cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*
dlink / dnr-326 cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*
dlink / dns-327l firmware cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*
dlink / dns-327l cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*
dlink / dns-326 firmware cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*
dlink / dns-326 cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*
dlink / dns-325 firmware cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*
dlink / dns-325 cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
dlink / dns-323 firmware cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*
dlink / dns-323 cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*
dlink / dnr-322l firmware cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*
dlink / dnr-322l cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*
dlink / dns-321 firmware cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*
dlink / dns-321 cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*
dlink / dns-320lw firmware cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*
dlink / dns-320lw cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
dlink / dns-320l firmware cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*
dlink / dns-320l cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*
dlink / dns-320 firmware cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*
dlink / dns-320 cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
dlink / dns-315l firmware cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*
dlink / dns-315l cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*
dlink / dnr-202l firmware cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*
dlink / dnr-202l cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*
dlink / dns-120 firmware cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*
dlink / dns-120 cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*

References