CVE-2024-8210

Summary

CVE-2024-8210 is a critical vulnerability affecting multiple D-Link products including DNS-120, DNR-202L, and DNS-320, among others, that are no longer supported. The flaw exists in the sprintf function within the /cgi-bin/hd_config.cgi file, allowing for command injection through manipulation of the f_mount argument. This vulnerability can be exploited remotely, posing significant risks to confidentiality and integrity, with high potential impacts on affected systems. Remediation involves retiring and replacing the vulnerable devices as they are confirmed to be end-of-life by the vendor. The public disclosure of this exploit heightens security concerns for organizations still using these outdated products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.