CVE-2024-0921

D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection

CVSS 4.7 MEDIUMEPSS 37.6%CWE-78

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected products

D-Link · DIR-816 A2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/xiyuanhuaigu/cve/blob/main/rce.md https://vuldb.com/?ctiid.252139 https://vuldb.com/?id.252139