Lucene search

[email protected]NVD:CVE-2024-44341

HistoryAug 27, 2024 - 4:15 p.m.

CVE-2024-44341

2024-08-2716:15:07

CWE-78

[email protected]

web.nvd.nist.gov

d-link

rce vulnerability

remote command execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

Affected configurations

Nvd

Node

dlinkdir-846w_firmwareMatchfw100a43

AND

dlinkdir-846wMatcha1

VendorProductVersionCPE
dlinkdir-846w_firmwarefw100a43cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:*:*:*:*:*:*:*
dlinkdir-846wa1cpe:2.3:h:dlink:dir-846w:a1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-846w_firmware	fw100a43	cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:::::::*
dlink	dir-846w	a1	cpe:2.3:h:dlink:dir-846w:a1:::::::*

References

www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W

github.com/yali-1002/some-poc/blob/main/CVE-2024-44341

www.dlink.com/en/security-bulletin/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

Related for NVD:CVE-2024-44341

vulnrichment1 cve1 cvelist1