CVE-2024-8212
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8212 is a critical command injection vulnerability affecting several D-Link products, including DNS-120, DNR-202L, and DNS-320 series, among others, that are no longer supported. The vulnerability exists in the cgi_FMT_R12R5_2nd_DiskMGR function of the /cgi-bin/hd_config.cgi file, allowing remote attackers to manipulate the f_source_dev argument. Remediation involves retiring and replacing these affected products since they have reached end-of-life status. The potential impact on organizations includes high integrity and confidentiality risks, as well as possible availability compromise due to exploitation. The vulnerability has been publicly disclosed, increasing the urgency for affected organizations to act promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.