CVE-2024-8131

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8131 is a critical vulnerability affecting multiple D-Link products, including models such as DNS-120, DNR-202L, and DNS-320LW. The flaw is in the function module_enable_disable of the file /cgi-bin/apkg_mgr.cgi, where improper handling of the f_module_name argument can lead to command injection. The vulnerability can be exploited remotely and poses significant risks to organizations, as it may allow unauthorized access to and control over affected devices, leading to potential data breaches or disruption of services. The vendor has confirmed that these products are end-of-life and recommends retiring and replacing them to mitigate the risk. Organizations using these devices should take immediate action to secure their networks by removing or replacing the affected equipment.
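
While affected devices are being located and retired, access logs can be reviewed for requests that touch the vulnerable endpoint. The following is an added example, not part of the original advisory or any vendor code. It assumes combined-format access logs from a web server or reverse proxy in front of the device, that f_module_name is visible in the query string, and that a legitimate module name contains only letters, digits, dot, underscore and hyphen. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the CVE summary.
CGI_PATH = "/cgi-bin/apkg_mgr.cgi"
PARAM = "f_module_name"
# Assumption: a legitimate module name uses only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(lines):
    """Return (client, decoded value) for each request to CGI_PATH whose
    f_module_name value falls outside the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != CGI_PATH:
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are caught.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2024:10:00:01 +0000] "GET /cgi-bin/apkg_mgr.cgi?f_module_name=photo_center HTTP/1.1" 200 51',
    '198.51.100.7 - - [27/Aug/2024:10:00:05 +0000] "GET /cgi-bin/apkg_mgr.cgi?f_module_name=x%3Bid HTTP/1.1" 200 0',
    '198.51.100.7 - - [27/Aug/2024:10:00:09 +0000] "GET /cgi-bin/other.cgi?f_module_name=x%3Bid HTTP/1.1" 404 0',
    '203.0.113.4 - - [27/Aug/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent {PARAM}={value!r} to {CGI_PATH}")
```

Arguments sent in a POST body do not appear in access logs of this kind, so an empty result does not rule out exposure.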
