CVE-2024-9004

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 19, 2024
Updated: Sep 23, 2024
CWE ID 78

Summary

CVE-2024-9004 is a critical vulnerability in the D-Link DAR-7000 up to version 20240912. The flaw is in the function handling the file /view/DBManage/Backup_Server_commit.php, where manipulated input arguments lead to OS command injection. It can be exploited remotely and poses significant risks to the confidentiality, integrity, and availability of affected systems. It only impacts products that are no longer supported by D-Link. To mitigate this risk, organizations should upgrade or replace affected devices with supported versions or alternative solutions. The vulnerability has been publicly disclosed, increasing the likelihood of active exploitation in the wild.
