CVE-2024-8211

Summary

CVE-2024-8211 is a critical vulnerability affecting various D-Link products, including DNS-120, DNR-202L, and DNS-320 series devices, specifically due to a command injection flaw in the cgi_FMT_Std2R1_DiskMGR function of the /cgi-bin/hd_config.cgi file. This vulnerability allows remote attackers to manipulate arguments, potentially leading to unauthorized command execution. The affected products are no longer supported by the vendor, which has indicated they should be retired and replaced. Organizations using these devices face significant risks, including high confidentiality and integrity impacts, as well as potential availability issues. Remediation involves upgrading to supported alternatives or implementing measures to isolate or remove these devices from their networks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.