CVE-2024-8212

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 27, 2024
Updated: Aug 29, 2024
CWE ID 77

Summary

CVE-2024-8212 is a critical command injection vulnerability affecting several D-Link products, including DNS-120, DNR-202L, and DNS-320 series, among others, that are no longer supported. The vulnerability exists in the cgi_FMT_R12R5_2nd_DiskMGR function of the /cgi-bin/hd_config.cgi file, allowing remote attackers to manipulate the f_source_dev argument. Remediation involves retiring and replacing these affected products since they have reached end-of-life status. The potential impact on organizations includes high integrity and confidentiality risks, as well as possible availability compromise due to exploitation. The vulnerability has been publicly disclosed, increasing the urgency for affected organizations to act promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share