ID

VAR-202405-0178


CVE

CVE-2024-5291


TITLE

(0Day) D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-24-442

DESCRIPTION

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235. D-Link DIR-2150 is a wireless router from D-Link, a Chinese company. D-Link DIR-2150 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment

Trust: 2.07

sources: NVD: CVE-2024-5291 // ZDI: ZDI-24-442 // CNVD: CNVD-2024-26082

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-26082

AFFECTED PRODUCTS

vendor:d linkmodel:dir-2150scope: - version: -

Trust: 1.3

sources: ZDI: ZDI-24-442 // CNVD: CNVD-2024-26082

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2024-5291
value: HIGH

Trust: 1.0

ZDI: CVE-2024-5291
value: HIGH

Trust: 0.7

CNVD: CNVD-2024-26082
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-26082
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2024-5291
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

ZDI: CVE-2024-5291
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-24-442 // CNVD: CNVD-2024-26082 // NVD: CVE-2024-5291

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2024-5291

PATCH

title:07/12/23 – ZDI reported the vulnerability to the vendor11/09/23 – ZDI asked for updates 11/21/23 –The vendor communicated that the case was not fixed12/12/23 – ZDI asked for updates 12/26/23 –The vendor communicated that the case was not fixed and a failed patch announcement was published – ZDI notified the vendor of the intention to publish the case as 0-day advisory on 05/14/24-- Mitigation: On May 14, 2024, the vendor informed ZDI about the beta software update v1.06beta Hotfix https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10376url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP103365/01/24

Trust: 0.7

sources: ZDI: ZDI-24-442

EXTERNAL IDS

db:NVDid:CVE-2024-5291

Trust: 2.3

db:ZDIid:ZDI-24-442

Trust: 1.7

db:ZDI_CANid:ZDI-CAN-21235

Trust: 0.7

db:CNVDid:CNVD-2024-26082

Trust: 0.6

sources: ZDI: ZDI-24-442 // CNVD: CNVD-2024-26082 // NVD: CVE-2024-5291

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-24-442/

Trust: 1.0

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap103365/01/24

Trust: 0.7

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10376

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2024-5291

Trust: 0.6

sources: ZDI: ZDI-24-442 // CNVD: CNVD-2024-26082 // NVD: CVE-2024-5291

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-24-442

SOURCES

db:ZDIid:ZDI-24-442
db:CNVDid:CNVD-2024-26082
db:NVDid:CVE-2024-5291

LAST UPDATE DATE

2024-08-14T15:10:15.751000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-24-442date:2024-07-01T00:00:00
db:CNVDid:CNVD-2024-26082date:2024-06-06T00:00:00
db:NVDid:CVE-2024-5291date:2024-05-24T01:15:30.977

SOURCES RELEASE DATE

db:ZDIid:ZDI-24-442date:2024-05-24T00:00:00
db:CNVDid:CNVD-2024-26082date:2024-06-05T00:00:00
db:NVDid:CVE-2024-5291date:2024-05-23T22:15:14.580