CVE-2024-8128
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8128 is a critical vulnerability affecting multiple D-Link products, including models DNS-120, DNS-315L, and DNS-340L, among others, which are no longer supported. The vulnerability exists in the cgi_add_zip function of the file /cgi-bin/webfile_mgr.cgi and allows for command injection through manipulated HTTP POST requests. This issue poses significant risks to organizations as it can be exploited remotely without requiring user interaction or elevated privileges. Remediation involves retiring and replacing these end-of-life products since no patches will be provided by the vendor. Organizations should prioritize addressing this vulnerability to mitigate potential data integrity and confidentiality breaches.
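As a detection aid while affected devices are being retired, the following added example (not part of the original advisory or any vendor tooling) flags HTTP POST requests to `/cgi-bin/webfile_mgr.cgi` in web or reverse-proxy access logs. The combined log format, the internal address ranges, and the sample log lines are assumptions constructed for illustration; POST bodies are normally not logged, so every hit needs manual review.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory (the cgi_add_zip handler lives in this CGI).
VULN_PATH = "/cgi-bin/webfile_mgr.cgi"
# Assumption: RFC 1918 ranges count as internal; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: common/combined log format as written by a proxy in front of the NAS.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation and private addresses only).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Sep/2024:10:01:11 +0000] "POST /cgi-bin/webfile_mgr.cgi HTTP/1.1" 200 312 "-" "-"',
    '192.168.1.20 - - [02/Sep/2024:10:02:40 +0000] "GET /cgi-bin/webfile_mgr.cgi HTTP/1.1" 200 1024 "-" "-"',
    '192.168.1.20 - - [02/Sep/2024:10:03:02 +0000] "POST /cgi-bin//webfile_mgr.cgi?x=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.9 - - [02/Sep/2024:10:04:00 +0000] "POST /other.cgi HTTP/1.1" 404 0 "-" "-"',
]

def find_webfile_mgr_posts(lines):
    """Return {source_ip: [(timestamp, status, is_external), ...]} for POSTs to the CGI."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Normalise: drop query string, decode %xx, collapse '//' and ignore case.
        path = re.sub(r"/+", "/", unquote(m["uri"].split("?", 1)[0])).lower()
        if path != VULN_PATH:
            continue
        try:
            addr = ipaddress.ip_address(m["src"])
            external = not any(addr in net for net in INTERNAL_NETS)
        except ValueError:
            external = True  # unparsable source field: treat as untrusted
        hits[m["src"]].append((m["ts"], int(m["status"]), external))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_webfile_mgr_posts(SAMPLE_LOG).items():
        print(src, events)
```

Hits from external sources indicate the device's management interface is reachable from outside the local network and should be treated as the highest priority for isolation and replacement.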