PT-2024-6664 · D Link · D-Link Di-8100
Published
2024-08-21
·
Updated
2024-09-12
·
CVE-2024-44401
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
D-Link DI-8100G version 17.12.20A1
Description:
The issue is related to a command injection vulnerability via the
sub47A60C function in the upgrade filter.asp file. This vulnerability is associated with the failure to neutralize special elements used in the operating system command, which can allow a remote attacker to execute arbitrary commands.Recommendations:
For D-Link DI-8100G version 17.12.20A1, consider disabling the
sub47A60C function in the upgrade filter.asp file as a temporary workaround until a patch is available. Restrict access to the upgrade filter.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Di-8100