Skip to main content

Dir 823x Firmware CVE-2024-39962

CRITICAL
Code Injection (CWE-94)
2024-07-19 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 19, 2024 - 15:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

AnalysisAI

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. Affected products include: Dlink Dir-823X Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2025-29043 CRITICAL POC
9.8 Apr 17

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. Rated cr

CVE-2025-29042 CRITICAL POC
9.8 Apr 17

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the fu

CVE-2025-29041 CRITICAL POC
9.8 Apr 17

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and t

CVE-2025-29040 CRITICAL POC
9.8 Apr 17

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and t

CVE-2025-1103 HIGH POC
7.1 Feb 07

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. Rated high severity (C

CVE-2025-55848 HIGH POC
8.8 Sep 26

An issue was discovered in DIR-823 firmware 20250416. Rated high severity (CVSS 8.8), this vulnerability is no authentic

CVE-2025-29039 HIGH POC
7.2 Apr 17

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8. Rated hi

CVE-2026-2175 HIGH POC
7.2 Feb 08

Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform

CVE-2026-2157 HIGH POC
7.2 Feb 08

Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint

CVE-2026-2120 HIGH POC
7.2 Feb 08

Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoin

CVE-2026-2155 HIGH POC
7.2 Feb 08

Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows un

CVE-2026-2084 HIGH POC
7.2 Feb 07

D-Link DIR-823X firmware contains a command injection vulnerability in the /goform/set_language endpoint that allows rem

Share

CVE-2024-39962 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy