Lucene search

MitreCVE-2024-44382

HistoryAug 23, 2024 - 4:15 p.m.

CVE-2024-44382

2024-08-2316:15:07

CWE-77

mitre

web.nvd.nist.gov

d-link jhttpd upgrade_filter_asp vulnerability 16.07.26a1 command execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.

Affected configurations

Nvd

Node

dlinkdi_8004w_firmwareMatch16.07.26a1

AND

dlinkdi_8004wMatch-

VendorProductVersionCPE
dlinkdi_8004w_firmware16.07.26a1cpe:2.3:o:dlink:di_8004w_firmware:16.07.26a1:*:*:*:*:*:*:*
dlinkdi_8004w-cpe:2.3:h:dlink:di_8004w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	di_8004w_firmware	16.07.26a1	cpe:2.3:o:dlink:di_8004w_firmware:16.07.26a1:::::::*
dlink	di_8004w	-	cpe:2.3:h:dlink:di_8004w:-:::::::*

References

github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md

www.dlink.com/en/security-bulletin/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Related for CVE-2024-44382