Severity
High
Analysis Summary
CVE-2024-33345 CVSS:5.3
D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereference in the main function of upload_firmware.cgi. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-33344 CVSS:8.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the ftext function of upload_firmware.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-33343 CVSS:9.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the ChgSambaUserSettings function of prog.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-33342 CVSS:9.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the SetPlcNetworkpwd function of prog.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-33345
- CVE-2024-33344
- CVE-2024-33343
- CVE-2024-33342
Affected Vendors
Affected Products
- D-Link DIR-823G 1.02B05
- D-Link DIR-822+ 1.0.5
Remediation
Refer to the D-Link website for patch, upgrade, or workaround information.