An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
References
Link | Resource |
---|---|
http://dir-816a2.com | Broken Link |
https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md | Exploit Third Party Advisory |
https://www.dlink.com/ | Product |
https://www.dlink.com/en/security-bulletin/ | Product |
http://dir-816a2.com | Broken Link |
https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md | Exploit Third Party Advisory |
https://www.dlink.com/ | Product |
https://www.dlink.com/en/security-bulletin/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://dir-816a2.com - Broken Link | |
References | () https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md - Exploit, Third Party Advisory | |
References | () https://www.dlink.com/ - Product | |
References | () https://www.dlink.com/en/security-bulletin/ - Product |
15 Feb 2024, 05:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
First Time |
Dlink
Dlink dir-816 Firmware Dlink dir-816 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://www.dlink.com/en/security-bulletin/ - Product | |
References | () https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md - Exploit, Third Party Advisory | |
References | () https://www.dlink.com/ - Product | |
References | () http://dir-816a2.com - Broken Link |
08 Feb 2024, 18:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 18:15
Updated : 2024-11-21 08:59
NVD link : CVE-2024-24321
Mitre link : CVE-2024-24321
CVE.ORG link : CVE-2024-24321
JSON object : View
Products Affected
dlink
- dir-816
- dir-816_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')