CVE-2024-10915

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2024

Updated: Nov 8, 2024

CWE ID 78

CWE ID 707

CWE ID 74

Summary

CVE-2024-10915 is a critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The issue lies in the cgi_user_add function of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. An attacker can manipulate the argument group, resulting in os command injection. This vulnerability can be exploited remotely, requiring a moderately complex attack with a difficult exploit. The exploit has been disclosed publicly, increasing the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

D LINK SYSTEMS INC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0QlUcm
https://www.cve.org/CVERecord?id=CVE-2024-10915
https://nvd.nist.gov/vuln/detail/CVE-2024-10915

Back to Vulnerability Database

CVE-2024-10915

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations