Lucene search

MitreCVE-2024-44401

HistorySep 06, 2024 - 4:15 p.m.

CVE-2024-44401

2024-09-0616:15:03

CWE-77

mitre

web.nvd.nist.gov

d-link

command injection

upgrade filter

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file

Affected configurations

Nvd

Node

dlinkdi-8100g_firmwareMatch17.12.20a1

AND

dlinkdi-8100gMatch-

VendorProductVersionCPE
dlinkdi-8100g_firmware17.12.20a1cpe:2.3:o:dlink:di-8100g_firmware:17.12.20a1:*:*:*:*:*:*:*
dlinkdi-8100g-cpe:2.3:h:dlink:di-8100g:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	di-8100g_firmware	17.12.20a1	cpe:2.3:o:dlink:di-8100g_firmware:17.12.20a1:::::::*
dlink	di-8100g	-	cpe:2.3:h:dlink:di-8100g:-:::::::*

References

github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/CVE-2024-44401

github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/D-link_DI_8100GA1_Command_Injection.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON

Related for CVE-2024-44401