Skip to main content

Dir 820L Firmware CVE-2024-51186

HIGH
Command Injection (CWE-77)
2024-11-11 cve@mitre.org
8.0
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 11, 2024 - 20:15 cve.org
HIGH 8.0

DescriptionCVE.org

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.

AnalysisAI

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Affected products include: Dlink Dir-820L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2022-26258 CRITICAL POC
9.8 Mar 28

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set

CVE-2023-44809 CRITICAL POC
9.8 Oct 16

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-44808 CRITICAL POC
9.8 Oct 16

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. Rated critical severity (CVSS 9.8

CVE-2023-44807 CRITICAL POC
9.8 Oct 06

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. Rated critical severity (CVSS 9.8

CVE-2023-25280 CRITICAL POC
9.8 Mar 16

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a cr

CVE-2023-25279 CRITICAL POC
9.8 Mar 13

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a cr

CVE-2023-25281 HIGH POC
7.5 Mar 16

A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a d

CVE-2023-25283 HIGH POC
7.5 Mar 13

A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserv

CVE-2022-34973 HIGH POC
7.5 Aug 03

D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. Rated high

CVE-2023-25282 MEDIUM POC
6.5 Mar 15

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.

CVE-2024-48150 CRITICAL
9.8 Oct 14

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. Rated critical severity (CVSS 9.8

Share

CVE-2024-51186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy