CVE-2024-8214

Summary

CVE-2024-8214 is a critical vulnerability affecting multiple D-Link products, including DNS and DNR series devices, which are no longer supported by the manufacturer. The vulnerability resides in the cgi_FMT_Std2R5_2nd_DiskMGR function of the /cgi-bin/hd_config.cgi file, allowing for command injection via manipulated arguments. This exploit can be executed remotely, posing significant risks such as unauthorized access to system integrity and confidentiality. Organizations using these affected devices are advised to retire and replace them to mitigate potential exploitation. The vulnerability has been publicly disclosed, highlighting the urgency of addressing this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.