CVE-2024-7833

A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/aLtEr6/pdf/blob/main/3.pdf Broken Link
https://vuldb.com/?ctiid.274731 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.274731 Third Party Advisory VDB Entry
https://vuldb.com/?submit.385338 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8100:-:*:*:*:*:*:*:*

History

19 Aug 2024, 16:00

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
First Time Dlink di-8100 Firmware
Dlink
Dlink di-8100
CPE cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8100:-:*:*:*:*:*:*:*
References () https://github.com/aLtEr6/pdf/blob/main/3.pdf - () https://github.com/aLtEr6/pdf/blob/main/3.pdf - Broken Link
References () https://vuldb.com/?ctiid.274731 - () https://vuldb.com/?ctiid.274731 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.274731 - () https://vuldb.com/?id.274731 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.385338 - () https://vuldb.com/?submit.385338 - Third Party Advisory, VDB Entry
Summary
  • (es) Se encontró una vulnerabilidad en D-Link DI-8100 16.07. Ha sido clasificada como crítica. Esto afecta a la función Upgrade_filter_asp del archivo Upgrade_filter.asp. La manipulación del argumento path conduce a la inyección de comandos. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

15 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 14:15

Updated : 2024-08-19 16:00


NVD link : CVE-2024-7833

Mitre link : CVE-2024-7833

CVE.ORG link : CVE-2024-7833


JSON object : View

Products Affected

dlink

  • di-8100
  • di-8100_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')