CVE-2024-8127

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8127 is a critical vulnerability affecting multiple D-Link products, including the DNS-120, DNS-315L, DNS-320, and others up to the date of 20240814. The vulnerability exists in the cgi_unzip function of the /cgi-bin/webfile_mgr.cgi component and allows for command injection through manipulated HTTP POST requests. This exploit can be executed remotely, posing significant risks such as unauthorized access and control over affected devices. Remediation involves retiring and replacing impacted products, as they are no longer supported by D-Link. The severity of this vulnerability is rated at 9.8 on the CVSS scale, indicating a high potential for integrity and confidentiality breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share