CVE-2024-44341

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 27, 2024
CWE ID 78

Summary

CVE-2024-44341 is a remote command execution (RCE) vulnerability in the D-Link DIR-846W A1 FW100A43 router. It can be exploited through a specially crafted POST request targeting the lan(0)_dhcps_staticlist parameter. The vulnerability is rated high severity, with a base score of 8.8. Exploitation requires low privileges and no user interaction, which makes it particularly concerning for network security. It poses significant risks to an organization, including potential unauthorized access to and control over affected devices, compromising the integrity, confidentiality, and availability of network resources. To mitigate this risk, organizations should update their D-Link devices to the latest firmware version as recommended in D-Link's security bulletins. For further details and remediation guidance, refer to D-Link's official security bulletin.
