ID

VAR-202410-1794


CVE

CVE-2024-48633


TITLE

D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41699)

Trust: 0.6

sources: CNVD: CNVD-2024-41699

DESCRIPTION

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

Trust: 1.44

sources: NVD: CVE-2024-48633 // CNVD: CNVD-2024-41699

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41699

AFFECTED PRODUCTS

vendor: d link, model: dir-882 fw130b06, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-878 fw130b08, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-41699

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-48633
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-41699
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-41699
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-48633
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-41699 // NVD: CVE-2024-48633

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2024-48633

EXTERNAL IDS

db: NVD, id: CVE-2024-48633

Trust: 1.6

db: CNVD, id: CNVD-2024-41699

Trust: 0.6

sources: CNVD: CNVD-2024-41699 // NVD: CVE-2024-48633

REFERENCES

url:https://github.com/pjqwudi1/my_vuln/blob/main/d-link4/vuln_40/40.md

Trust: 1.0

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-48633/

Trust: 0.6

sources: CNVD: CNVD-2024-41699 // NVD: CVE-2024-48633

SOURCES

db: CNVD, id: CNVD-2024-41699
db: NVD, id: CVE-2024-48633

LAST UPDATE DATE

2024-10-27T23:20:37.790000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41699, date: 2024-10-25T00:00:00
db: NVD, id: CVE-2024-48633, date: 2024-10-18T12:52:33.507

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41699, date: 2024-10-25T00:00:00
db: NVD, id: CVE-2024-48633, date: 2024-10-17T18:15:08.447