CVE-2024-8133

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8133 is a critical vulnerability affecting multiple D-Link products, including DNS-120, DNS-315L, and DNR-322L, among others, that have not been supported since August 14, 2024. The issue resides in the HTTP POST Request Handler's function cgi_FMT_R5_SpareDsk_DiskMGR, where improper handling of the argument f_source_dev allows for remote command injection. This flaw can potentially expose organizations to high confidentiality and integrity risks due to its ability to be exploited without authentication or user interaction. To mitigate this risk, affected devices should be retired and replaced as they are no longer maintained by the vendor. The vulnerability has been publicly disclosed, increasing the urgency of remediation actions.
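A defensive check for the argument named above, as an added example that is not taken from the advisory or from D-Link firmware: it scans form-encoded POST bodies (for instance at a reverse proxy or in captured traffic) and flags any f_source_dev value that is not a plain device token. The allowlist pattern, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

FIELD = "f_source_dev"  # argument named in the advisory
# Assumption: a legitimate device name is a short alphanumeric token (e.g. "sda").
ALLOWED_DEV = re.compile(r"[A-Za-z0-9]{1,16}")


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so that %253B is seen as ';'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(body):
    """Return every f_source_dev value in a form-encoded body that fails the allowlist.

    parse_qsl decodes field names too, so an encoded key (f%5Fsource%5Fdev) is
    still matched, and repeated keys are each checked. Empty values are flagged.
    """
    hits = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key != FIELD:
            continue
        value = fully_decode(value)
        if not ALLOWED_DEV.fullmatch(value):
            hits.append(value)
    return hits


# Constructed sample bodies; PLACEHOLDER stands in for attacker-supplied text.
SAMPLE_BODIES = [
    "f_source_dev=sda",
    "f_source_dev=sda%3BPLACEHOLDER",
    "f_source_dev=sda%253BPLACEHOLDER",
    "f_source_dev=sda&f_source_dev=sdb%7CPLACEHOLDER",
    "other=1&f%5Fsource%5Fdev=%24%28PLACEHOLDER%29",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        hits = suspicious_values(body)
        print("ALERT" if hits else "ok   ", body, hits)
```

Because the affected devices receive no vendor fixes, a filter like this is a stopgap for monitoring or blocking while they are being retired, not a substitute for replacement.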
