CVE-2024-44340

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 27, 2024
CWE ID 78

Summary

CVE-2024-44340 is a remote command execution (RCE) vulnerability in the D-Link DIR-846W A1 router running firmware version FW100A43. It is reached through the keys smartqos_express_devices and smartqos_normal_devices in the SetSmartQoSSettings function. The vulnerability is high risk, with an exploitability score of 2.8 and a base severity rating of 8.8: an attacker needs only low privileges and no user interaction, and exploitation can have a high impact on integrity and confidentiality. It is classified under CWE-78, improper neutralization of special elements used in an OS command, which could allow unauthorized access to network resources. To remediate this issue, organizations should update to the latest firmware version provided by D-Link as detailed on their security bulletin page. Failure to address this vulnerability could result in significant data breaches or system disruptions for affected organizations.
