CVE-2024-8128

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8128 is a critical vulnerability affecting multiple D-Link products, including models DNS-120, DNS-315L, and DNS-340L, among others, which are no longer supported. The vulnerability exists in the cgi_add_zip function of the file /cgi-bin/webfile_mgr.cgi and allows for command injection through manipulated HTTP POST requests. This issue poses significant risks to organizations as it can be exploited remotely without requiring user interaction or elevated privileges. Remediation involves retiring and replacing these end-of-life products since no patches will be provided by the vendor. Organizations should prioritize addressing this vulnerability to mitigate potential data integrity and confidentiality breaches.
