CVE-2024-44410

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:di-8300_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8300:-:*:*:*:*:*:*:*

History

10 Sep 2024, 19:00

Type Values Removed Values Added
CPE cpe:2.3:o:dlink:di-8300_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8300:-:*:*:*:*:*:*:*
CWE CWE-77
First Time Dlink
Dlink di-8300 Firmware
Dlink di-8300
References () https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 - () https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 - Third Party Advisory
References () https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md - () https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md - Exploit, Third Party Advisory
References () https://www.dlink.com/en/security-bulletin/ - () https://www.dlink.com/en/security-bulletin/ - Issue Tracking

10 Sep 2024, 15:35

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

10 Sep 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) D-Link DI-8300 v16.07.26A1 es vulnerable a la inyección de comandos a través de la función upgrade_filter_asp.

09 Sep 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-09 21:15

Updated : 2024-09-10 19:00


NVD link : CVE-2024-44410

Mitre link : CVE-2024-44410

CVE.ORG link : CVE-2024-44410


JSON object : View

Products Affected

dlink

  • di-8300_firmware
  • di-8300
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')