CVE-2024-20484
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10914 is a newly identified critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The issue lies within the cgi_user_add function of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. This vulnerability results in OS command injection vulnerability, which can be exploited remotely. The complexity of an attack is relatively high, and the exploitation process appears to be difficult. However, the exploit for this vulnerability has been disclosed publicly, increasing the risk for potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Enterprise Chat and Email
Affected Vendors
- Cisco Systems Inc