CVE-2024-8212
Essential information
- Published
- 27/08/2024 20:15
- Modified
- 29/08/2024 15:53
- Author
- —
- Creator
- —
- CVSS
- 9.8 CRITICAL (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| dlink / dns-315l firmware | cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-315l | cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:* |
| dlink / dns-320lw firmware | cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320lw | cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* |
| dlink / dns-1550-04 firmware | cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1550-04 | cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:* |
| dlink / dns-1200-05 firmware | cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1200-05 | cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:* |
| dlink / dns-1100-4 firmware | cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-1100-4 | cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:* |
| dlink / dns-726-4 firmware | cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-726-4 | cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:* |
| dlink / dns-345 firmware | cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-345 | cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:* |
| dlink / dns-343 firmware | cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-343 | cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:* |
| dlink / dns-340l firmware | cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-340l | cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* |
| dlink / dnr-326 firmware | cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-326 | cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:* |
| dlink / dns-327l firmware | cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-327l | cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:* |
| dlink / dns-326 firmware | cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-326 | cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:* |
| dlink / dns-325 firmware | cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-325 | cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* |
| dlink / dns-323 firmware | cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-323 | cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:* |
| dlink / dnr-322l firmware | cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-322l | cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:* |
| dlink / dns-321 firmware | cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-321 | cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:* |
| dlink / dns-320l firmware | cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320l | cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:* |
| dlink / dns-320 firmware | cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-320 | cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* |
| dlink / dnr-202l firmware | cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:* |
| dlink / dnr-202l | cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:* |
| dlink / dns-120 firmware | cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:* |
| dlink / dns-120 | cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:* |