Severity
High
Analysis Summary
CVE-2024-33345 CVSS:5.3
D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereference in the main function of upload_firmware.cgi. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-33344 CVSS:8.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the ftext function of upload_firmware.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-33343 CVSS:9.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the ChgSambaUserSettings function of prog.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-33342 CVSS:9.8
D-Link DIR-822+ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the SetPlcNetworkpwd function of prog.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-33345
- CVE-2024-33344
- CVE-2024-33343
- CVE-2024-33342
Affected Vendors
Affected Products
- D-Link DIR-823G 1.02B05
- D-Link DIR-822+ 1.0.5
Remediation
Refer to the D-Link website for patch, upgrade, or workaround information.