CVE-2024-7436

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
References
Link Resource
https://github.com/aLtEr6/pdf/blob/main/2.pdf Broken Link Exploit
https://vuldb.com/?ctiid.273521 Third Party Advisory
https://vuldb.com/?id.273521 Third Party Advisory
https://vuldb.com/?submit.370591 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8100:*:*:*:*:*:*:*:*

History

11 Sep 2024, 14:41

Type Values Removed Values Added
First Time Dlink di-8100
Dlink
Dlink di-8100 Firmware
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
References () https://github.com/aLtEr6/pdf/blob/main/2.pdf - () https://github.com/aLtEr6/pdf/blob/main/2.pdf - Broken Link, Exploit
References () https://vuldb.com/?ctiid.273521 - () https://vuldb.com/?ctiid.273521 - Third Party Advisory
References () https://vuldb.com/?id.273521 - () https://vuldb.com/?id.273521 - Third Party Advisory
References () https://vuldb.com/?submit.370591 - () https://vuldb.com/?submit.370591 - Third Party Advisory
CPE cpe:2.3:h:dlink:di-8100:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:*

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en D-Link DI-8100 16.07 y clasificada como crítica. Este problema afecta la función msp_info_htm del archivo msp_info.htm. La manipulación del argumento cmd conduce a la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273521.

03 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-03 14:15

Updated : 2024-09-11 14:41


NVD link : CVE-2024-7436

Mitre link : CVE-2024-7436

CVE.ORG link : CVE-2024-7436


JSON object : View

Products Affected

dlink

  • di-8100
  • di-8100_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')