Skip to main content

Dir 882 Firmware CVE-2024-48637

HIGH
OS Command Injection (CWE-78)
2024-10-17 cve@mitre.org
8.0
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 17, 2024 - 18:15 cve.org
HIGH 8.0

DescriptionCVE.org

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

AnalysisAI

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. Affected products include: Dlink Dir-882 Firmware, Dlink Dir-878 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2022-44807 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9

CVE-2022-44806 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2022-44804 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severit

CVE-2022-28901 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows a

CVE-2022-28896 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 all

CVE-2022-28895 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allo

CVE-2022-28571 CRITICAL POC
9.8 May 02

D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Rated critical

CVE-2022-1262 HIGH POC
7.8 Apr 11

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interf

CVE-2023-26925 HIGH POC
7.5 Mar 31

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (

CVE-2024-0717 MEDIUM POC
5.3 Jan 19

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI

CVE-2020-15633 HIGH
8.8 Jul 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

CVE-2020-8864 HIGH
8.8 Mar 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

Share

CVE-2024-48637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy