CVE-2024-8132

Summary

CVE-2024-8132 is a critical vulnerability affecting multiple D-Link products, including DNS-120, DNR-202L, and several other models up to August 14, 2024. The issue arises from command injection capabilities in the webdav_mgr function of the affected devices' HTTP POST Request Handler. This vulnerability can be exploited remotely without authentication, posing a significant risk to confidentiality and integrity. Organizations using these outdated and unsupported products are advised to retire and replace them promptly to mitigate potential attacks. The vulnerability has been publicly disclosed and could be actively exploited by malicious actors.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.