CVE-2024-48632

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
Configurations

No configuration.

History

18 Oct 2024, 12:52

Type Values Removed Values Added
Summary
  • (es) Se descubrió que DIR_882_FW130B06 y DIR_878 DIR_878_FW130B08 de D-Link contienen múltiples vulnerabilidades de inyección de comandos a través de los parámetros LocalIPAddress, TCPPorts y UDPPorts en la función SetPortForwardingSettings. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo a través de una solicitud POST manipulada.

17 Oct 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0
CWE CWE-78

17 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-17 18:15

Updated : 2024-10-18 12:52


NVD link : CVE-2024-48632

Mitre link : CVE-2024-48632

CVE.ORG link : CVE-2024-48632


JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')