CVE-2024-8129

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8129 is a critical vulnerability affecting multiple D-Link products, including DNS-120, DNS-320, and DNR-322L models, which are no longer supported by the vendor. The flaw resides in the cgi_s3_modify function of the /cgi-bin/s3.cgi file and allows for command injection through manipulation of the f_job_name argument. This vulnerability poses significant risks as it can be exploited remotely, potentially compromising the confidentiality and integrity of an organization's systems. To remediate this issue, affected users are advised to retire and replace these end-of-life products, as confirmed by the vendor. Given its high severity rating (CVSS score of 9.8), organizations utilizing these devices should take immediate action to mitigate potential threats.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share