PT-2024-6461 · D Link · D-Link Di 8004W

Published

2024-08-06

Updated

2024-08-27

CVE-2024-44382

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DI 8004W version 16.07.26A1

Description The issue is related to a command execution vulnerability in the jhttpd upgrade filter asp function. This vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is associated with the lack of data cleaning measures at the management level.

Recommendations For D-Link DI 8004W version 16.07.26A1, upgrade to version 16.07.27A1 to remediate the issue. As a temporary workaround, consider restricting access to the jhttpd upgrade filter asp function until the patch is applied.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2024-07547

CVE-2024-44382

Affected Products

D-Link Di 8004W

PT-2024-6461 · D Link · D-Link Di 8004W

CVE-2024-44382

Weakness Enumeration

Related Identifiers

Affected Products

References · 14