CVE-2024-8130

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814

Description: A critical vulnerability has been found in the specified D-Link products. The issue affects the function cgi s3 of the file /cgi-bin/s3.cgi in the component HTTP POST Request Handler. The manipulation of the argument f a key leads to command injection. This attack can be launched remotely. The exploit has been disclosed to the public and may be used. Note that this vulnerability only affects products that are no longer supported by the maintainer, and the vendor has confirmed that the product is end-of-life.

Recommendations: As the products are no longer supported and have been confirmed as end-of-life by the vendor, the recommended course of action is to retire and replace them. There is no information about a newer version that contains a fix for this vulnerability.