Dir 882 Firmware
CVE-2024-48637
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
AnalysisAI
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. Affected products include: Dlink Dir-882 Firmware, Dlink Dir-878 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Dir 882 Firmware
View allD-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerabil
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severit
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows a
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 all
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allo
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Rated critical
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interf
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today