CVE-2024-10915 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L up to 20241028 account_mgr.cgi?cmd=cgi_user_add group os command injection

Inserito da Angelo Barbosa | Nov 6, 2024 | CVE

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection.

This vulnerability is handled as CVE-2024-10915. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

CVE-2024-10915 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L up to 20241028 account_mgr.cgi?cmd=cgi_user_add group os command injection

Post correlati

CVE-2022-32510 | Nuki Bridge up to 1.21.x/2.13.1 HTTP API cleartext transmission

CVE-2024-49751 | press cross site scripting

CVE-2023-44291 | Dell PowerProtect Data Manager DM5500 Appliance up to 5.14 PPOE os command injection (dsa-2023-425)

CVE-2024-31213 | InstantSoft icms2 up to 2.16.1 User Profile redirect (GHSA-6v3c-p92q-prfq)