CVE-2024-8210

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 27, 2024
Updated: Aug 29, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-8210 is a critical vulnerability affecting multiple D-Link products including DNS-120, DNR-202L, and DNS-320, among others, that are no longer supported. The flaw exists in the sprintf function within the /cgi-bin/hd_config.cgi file, allowing for command injection through manipulation of the f_mount argument. This vulnerability can be exploited remotely, posing significant risks to confidentiality and integrity, with high potential impacts on affected systems. Remediation involves retiring and replacing the vulnerable devices as they are confirmed to be end-of-life by the vendor. The public disclosure of this exploit heightens security concerns for organizations still using these outdated products.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share