CVE-2024-8213

🗓️ 27 Aug 2024 19:31:07Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 90 Views🌐 WEB

A critical vulnerability found in multiple D-Link products allows remote attackers to perform command injection via the cgi_FMT_R12R5_1st_DiskMGR function, affecting unsupported products up to 20240814

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-8213	27 Aug 202423:15	–	circl
CNNVD	D-Link多款产品命令注入漏洞	27 Aug 202400:00	–	cnnvd
Cvelist	CVE-2024-8213 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_1st_DiskMGR command injection	27 Aug 202419:31	–	cvelist
EUVD	EUVD-2024-49019	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8213	27 Aug 202420:15	–	nvd
Positive Technologies	PT-2024-6464 · D Link · D-Link Dns-321 +16	4 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8213	23 May 202507:18	–	redhatcve
Vulnrichment	CVE-2024-8213 D-Link DNS-1550-04 hd_config.cgi cgi_FMT_R12R5_1st_DiskMGR command injection	27 Aug 202419:31	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

dlink dns-315l_firmwareMatch-

AND

dlink dns-315lMatch-

Node

dlink dns-320lw_firmwareMatch-

AND

dlink dns-320lwMatch-

Node

dlink dns-1550-04_firmwareMatch-

AND

dlink dns-1550-04Match-

Node

dlink dns-1200-05_firmwareMatch-

AND

dlink dns-1200-05Match-

Node

dlink dns-1100-4_firmwareMatch-

AND

dlink dns-1100-4Match-

Node

dlink dns-726-4_firmwareMatch-

AND

dlink dns-726-4Match-

Node

dlink dns-345_firmwareMatch-

AND

dlink dns-345Match-

Node

dlink dns-343_firmwareMatch-

AND

dlink dns-343Match-

Node

dlink dns-340l_firmwareMatch-

AND

dlink dns-340lMatch-

Node

dlink dnr-326_firmwareMatch-

AND

dlink dnr-326Match-

Node

dlink dns-327l_firmwareMatch-

AND

dlink dns-327lMatch-

Node

dlink dns-326_firmwareMatch-

AND

dlink dns-326Match-

Node

dlink dns-325_firmwareMatch-

AND

dlink dns-325Match-

Node

dlink dns-323_firmwareMatch-

AND

dlink dns-323Match-

Node

dlink dnr-322l_firmwareMatch-

AND

dlink dnr-322lMatch-

Node

dlink dns-321_firmwareMatch-

AND

dlink dns-321Match-

Node

dlink dns-320l_firmwareMatch-

AND

dlink dns-320lMatch-

Node

dlink dns-320_firmwareMatch-

AND

dlink dns-320Match-

Node

dlink dnr-202l_firmwareMatch-

AND

dlink dnr-202lMatch-

Node

dlink dns-120_firmwareMatch-

AND

dlink dns-120Match-

[
  {
    "vendor": "D-Link",
    "product": "DNS-120",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-202L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-315L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320LW",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-321",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-322L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-323",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-325",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-326",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-327L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNR-326",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-340L",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-343",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-345",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-726-4",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1100-4",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1200-05",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-1550-04",
    "versions": [
      {
        "version": "20240814",
        "status": "affected"
      }
    ]
  }
]

Source	Link
supportannouncement	www.supportannouncement.us.dlink.com/security/publication.aspx
github	www.github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_1st_DiskMGR.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
dlink	www.dlink.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
f_source_dev	request body	cgi-bin/hd_config.cgi	Command injection via manipulated f_source_dev parameter in CGI endpoint /cgi-bin/hd_config.cgi, enabling remote arbitrary command execution on affected D-Link devices.	CWE-78, CWE-77

29 Aug 2024 15:51Current

7.8High risk

Vulners AI Score7.8

CVSS 3.16.3 - 9.8

CVSS 45.3

CVSS 26.5

CVSS 36.3

EPSS0.01557

SSVC