CVE-2024-8130
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8130 is a critical vulnerability affecting various D-Link network storage devices, including the DNS-120, DNS-320L, and DNR-322L, among others, all of which are no longer supported by the manufacturer. The flaw resides in the cgi_s3 function of the /cgi-bin/s3.cgi file and allows command injection through manipulation of the f_a_key argument. It can be exploited remotely without any privileges or user interaction, posing a significant threat to an organization's data confidentiality and integrity. Because the vendor has confirmed that the affected products are end-of-life, remediation is to retire and replace them. Organizations using these devices should take immediate action to mitigate potential exploitation.
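Until the devices are retired, web or reverse-proxy logs in front of them can be checked for requests that reach /cgi-bin/s3.cgi with an unexpected f_a_key value. The following detection sketch is an added example, not vendor or advisory code; it assumes the parameter is visible in the logged request line (combined log format) and that a legitimate key is purely alphanumeric, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumption: a legitimate access key is plain alphanumeric text.
SAFE_KEY = re.compile(r"[A-Za-z0-9]{0,128}")
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (not captured traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2024:10:00:01 +0000] "GET /cgi-bin/s3.cgi?f_a_key=AKIAEXAMPLEKEY0001 HTTP/1.1" 200 512
203.0.113.9 - - [01/Sep/2024:10:00:05 +0000] "GET /cgi-bin/s3.cgi?f_a_key=x%3Bid HTTP/1.1" 200 87
203.0.113.20 - - [01/Sep/2024:10:00:09 +0000] "GET /cgi-bin/s3.cgi?f_a_key=k%250Auname HTTP/1.1" 200 87
198.51.100.7 - - [01/Sep/2024:10:00:12 +0000] "GET /cgi-bin/other.cgi?f_a_key=x%3Bid HTTP/1.1" 404 0
"""


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %253B and %3B both end up as ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (source, decoded f_a_key) for s3.cgi requests with a non-alphanumeric key."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if unquote_plus(url.path).lower() != "/cgi-bin/s3.cgi":
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("f_a_key", []):
            key = decode_fully(raw)
            # fullmatch, so an embedded newline (%0A) cannot slip past a '$' anchor
            if not SAFE_KEY.fullmatch(key):
                hits.append((m["src"], key))
    return hits


if __name__ == "__main__":
    for src, key in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT src={src} f_a_key={key!r}")
```

Requests that carry the parameter in a POST body will not appear in a standard access log, so this check only covers what the logging layer records.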