CVE-2024-20484

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 6, 2024

CWE ID 20

Summary

CVE-2024-10914 is a newly identified critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The issue lies within the cgi_user_add function of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. This vulnerability results in OS command injection vulnerability, which can be exploited remotely. The complexity of an attack is relatively high, and the exploitation process appears to be difficult. However, the exploit for this vulnerability has been disclosed publicly, increasing the risk for potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Enterprise Chat and Email

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0RZ3Kt
https://www.cve.org/CVERecord?id=CVE-2024-20484
https://nvd.nist.gov/vuln/detail/CVE-2024-20484

Back to Vulnerability Database