Lucene search

[email protected]NVD:CVE-2024-44342

HistoryAug 27, 2024 - 4:15 p.m.

CVE-2024-44342

2024-08-2716:15:07

CWE-78

[email protected]

web.nvd.nist.gov

d-link dir-846w

remote command execution

post request

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.

Affected configurations

Nvd

Node

dlinkdir-846w_firmwareMatchfw100a43

AND

dlinkdir-846wMatcha1

VendorProductVersionCPE
dlinkdir-846w_firmwarefw100a43cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:*:*:*:*:*:*:*
dlinkdir-846wa1cpe:2.3:h:dlink:dir-846w:a1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-846w_firmware	fw100a43	cpe:2.3:o:dlink:dir-846w_firmware:fw100a43:::::::*
dlink	dir-846w	a1	cpe:2.3:h:dlink:dir-846w:a1:::::::*

References

www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W

github.com/yali-1002/some-poc/blob/main/CVE-2024-44342

www.dlink.com/en/security-bulletin/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

Related for NVD:CVE-2024-44342

cve1 cvelist1 vulnrichment1 thn1