CVE-2024-8134

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8134 is a critical vulnerability affecting multiple D-Link products, including DNS-120, DNR-202L, and DNS-320 series devices, among others, which are no longer supported by the vendor. The vulnerability arises from the command injection capability in the cgi_FMT_Std2R5_1st_DiskMGR function of the HTTP POST Request Handler. This issue can be exploited remotely without requiring authentication, posing significant risks to confidentiality and integrity due to high potential for unauthorized access and manipulation. Organizations using these outdated products are advised to retire and replace them as a remediation measure. The public disclosure of this exploit increases the urgency for affected users to take immediate action to protect their systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share