A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/aLtEr6/pdf/blob/main/2.pdf | Broken Link Exploit |
https://vuldb.com/?ctiid.273521 | Third Party Advisory |
https://vuldb.com/?id.273521 | Third Party Advisory |
https://vuldb.com/?submit.370591 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
11 Sep 2024, 14:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dlink di-8100
Dlink Dlink di-8100 Firmware |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
References | () https://github.com/aLtEr6/pdf/blob/main/2.pdf - Broken Link, Exploit | |
References | () https://vuldb.com/?ctiid.273521 - Third Party Advisory | |
References | () https://vuldb.com/?id.273521 - Third Party Advisory | |
References | () https://vuldb.com/?submit.370591 - Third Party Advisory | |
CPE | cpe:2.3:h:dlink:di-8100:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:* |
05 Aug 2024, 12:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Aug 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-03 14:15
Updated : 2024-09-11 14:41
NVD link : CVE-2024-7436
Mitre link : CVE-2024-7436
CVE.ORG link : CVE-2024-7436
JSON object : View
Products Affected
dlink
- di-8100
- di-8100_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')