CVE-2024-44400

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:di-8400_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8400:a1:*:*:*:*:*:*:*

History

11 Oct 2024, 17:15

Type Values Removed Values Added
Summary (en) D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp. (en) A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.

06 Sep 2024, 16:15

Type Values Removed Values Added
References
  • () https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/CVE-2024-44400 -

05 Sep 2024, 17:37

Type Values Removed Values Added
References () https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md - () https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md - Exploit, Third Party Advisory
CPE cpe:2.3:o:dlink:di-8400_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8400:a1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.0
v2 : unknown
v3 : 9.8
First Time Dlink di-8400
Dlink di-8400 Firmware
Dlink
Summary
  • (es) D-Link DI-8400 16.07.26A1 es vulnerable a la inyección de comandos a través de upgrade_filter_asp.

04 Sep 2024, 14:35

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0

04 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 13:15

Updated : 2024-10-11 17:15


NVD link : CVE-2024-44400

Mitre link : CVE-2024-44400

CVE.ORG link : CVE-2024-44400


JSON object : View

Products Affected

dlink

  • di-8400_firmware
  • di-8400
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')