CVE-2024-44342

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 27, 2024
CWE ID 78

Summary

CVE-2024-44342 identifies a remote command execution (RCE) vulnerability in the D-Link DIR-846W A1 firmware version 100A43, which can be exploited through a specially crafted POST request targeting the wl(0).(0)_ssid parameter. This vulnerability has a high severity rating with a CVSS score of 8.8, indicating significant potential impacts on confidentiality, integrity, and availability. Successful exploitation requires low privileges and no user interaction, making it accessible to attackers over the network. Organizations using affected D-Link products should apply available security updates or mitigations as recommended by D-Link to safeguard against this risk. Failure to address this vulnerability could lead to unauthorized command execution and compromise sensitive data or system integrity within an organization.
