Lucene search

[email protected]NVD:CVE-2024-44340

HistoryAug 27, 2024 - 4:15 p.m.

CVE-2024-44340

2024-08-2716:15:07

CWE-78

[email protected]

web.nvd.nist.gov

d-link

dir-846w

fw100a43

remote command execution

vulnerability

setsmartqossettings

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.

Affected configurations

Nvd

Node

dlinkdir-846w_firmwareMatchfw100a43

AND

dlinkdir-846wMatcha1

VendorProductVersionCPE
dlinkdir-846w_firmwarefw100a43cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:*:*:*:*:*:*:*
dlinkdir-846wa1cpe:2.3:h:dlink:dir-846w:a1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-846w_firmware	fw100a43	cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:::::::*
dlink	dir-846w	a1	cpe:2.3:h:dlink:dir-846w:a1:::::::*

References

www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W

github.com/yali-1002/some-poc/blob/main/CVE-2024-44340

www.dlink.com/en/security-bulletin/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

Related for NVD:CVE-2024-44340

vulnrichment1 cvelist1 cve1