CVE-2024-8460

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published: Sep 5, 2024
Updated: Sep 6, 2024
CWE ID: 200

Summary

CVE-2024-8460 is a vulnerability affecting the D-Link DNS-320 with firmware version 2.02b01, specifically within the Web Management Interface's file /cgi-bin/widget_api.cgi. This flaw allows for information disclosure through the manipulation of certain arguments, such as getHD/getSer/getSys, and can be exploited remotely, although the complexity of successfully executing an attack is rated as high. Organizations should note that this vulnerability impacts products that are no longer supported by D-Link, as the vendor has confirmed that these devices are end-of-life and should be retired and replaced accordingly. The potential danger includes significant confidentiality impact due to possible unauthorized access to sensitive information. For affected organizations, it is recommended to discontinue use of the vulnerable product and implement alternatives from supported vendors.
