CVE-2024-57595

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 27, 2025

CWE ID 78

Summary

CVE-2024-57595 is a newly disclosed vulnerability affecting D-Link DIR-825 REVB 2.03 devices. This issue involves an OS command injection flaw residing in the apc_client_pin.cgi CGI binary. Attackers can exploit this vulnerability by utilizing a malicious POST request with a specially crafted "wps_pin" parameter. Successful exploitation grants the attacker the ability to execute arbitrary commands on the targeted device, potentially leading to serious security compromises.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2UANLp
https://www.cve.org/CVERecord?id=CVE-2024-57595
https://nvd.nist.gov/vuln/detail/CVE-2024-57595

Back to Vulnerability Database

CVE-2024-57595

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations