CVE-2024-10915
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 6, 2024
Updated: Nov 8, 2024
CWE ID 78
CWE ID 707
CWE ID 74
Summary
CVE-2024-10915 is a critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The issue lies in the cgi_user_add function of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. An attacker can manipulate the argument group, resulting in os command injection. This vulnerability can be exploited remotely, requiring a moderately complex attack with a difficult exploit. The exploit has been disclosed publicly, increasing the risk of potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- D LINK SYSTEMS INC