ID

VAR-202405-0209


CVE

CVE-2024-5295


TITLE

(0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-24-446

DESCRIPTION

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. D-Link G416 is a wireless router from D-Link, a Chinese company. D-Link G416 has a code execution vulnerability, which is caused by the application failing to properly filter special elements in the constructed code segment.

Trust: 2.07

sources: NVD: CVE-2024-5295 // ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-26088

AFFECTED PRODUCTS

vendor: d link, model: g416, scope: -, version: -

Trust: 1.3

sources: ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088

CVSS

SEVERITY

zdi-disclosures@trendmicro.com: CVE-2024-5295
value: HIGH

Trust: 1.0

ZDI: CVE-2024-5295
value: HIGH

Trust: 0.7

CNVD: CNVD-2024-26088
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-26088
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2024-5295
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

ZDI: CVE-2024-5295
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088 // NVD: CVE-2024-5295

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2024-5295

PATCH

title:
08/16/23 – ZDI reported the vulnerabilities to the vendor
08/24/23 – The vendor communicated that the cases would be fixed in Q4, 2023 release
05/01/24 – ZDI notified the vendor of the intention to publish the case as 0-day advisory on 05/14/24
Mitigation: On May 14, 2024, the vendor informed ZDI about the software update v1.09B01
url: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10364

Trust: 0.7

title: Patch for D-Link G416 Code Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/554376

Trust: 0.6

sources: ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088

EXTERNAL IDS

db: NVD, id: CVE-2024-5295

Trust: 2.3

db: ZDI, id: ZDI-24-446

Trust: 2.3

db: ZDI_CAN, id: ZDI-CAN-21294

Trust: 0.7

db: CNVD, id: CNVD-2024-26088

Trust: 0.6

sources: ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088 // NVD: CVE-2024-5295

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-24-446/

Trust: 1.6

url: https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10364

Trust: 0.7

sources: ZDI: ZDI-24-446 // CNVD: CNVD-2024-26088 // NVD: CVE-2024-5295

CREDITS

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

Trust: 0.7

sources: ZDI: ZDI-24-446

SOURCES

db: ZDI, id: ZDI-24-446
db: CNVD, id: CNVD-2024-26088
db: NVD, id: CVE-2024-5295

LAST UPDATE DATE

2024-08-14T14:42:42.419000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-24-446, date: 2024-07-01T00:00:00
db: CNVD, id: CNVD-2024-26088, date: 2024-06-06T00:00:00
db: NVD, id: CVE-2024-5295, date: 2024-05-24T01:15:30.977

SOURCES RELEASE DATE

db: ZDI, id: ZDI-24-446, date: 2024-05-24T00:00:00
db: CNVD, id: CNVD-2024-26088, date: 2024-06-06T00:00:00
db: NVD, id: CVE-2024-5295, date: 2024-05-23T22:15:15.420