CVE-2024-8213

Summary

CVE-2024-8213 is a critical vulnerability affecting various D-Link products, including DNS-120, DNS-315L, and DNS-340L, among others. The flaw lies in the function cgi_FMT_R12R5_1st_DiskMGR within the /cgi-bin/hd_config.cgi file, which allows for remote command injection through manipulation of the f_source_dev argument. This vulnerability poses significant risks, including potential unauthorized access to sensitive information and system integrity compromise. It is important to note that these affected products are no longer supported by D-Link, and users are advised to retire and replace them to mitigate risks. Organizations should take immediate action to replace vulnerable devices to safeguard their networks from possible exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.