Multiple D-Link DIR_823G Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-51024 CVSS:8.8

D-Link DIR_823G could allow a remote authenticated attacker to execute arbitrary code/commands on the system, caused by ISSUE. By sending a specially crafted HostName parameter in the SetWanSettings function, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

CVE-2024-51023 CVSS:8.8

D-Link DIR_823G could allow a remote authenticated attacker to execute arbitrary code/commands on the system, caused by ISSUE. By sending a specially crafted Address parameter in the SetNetworkTomographySettings function, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

Impact

Code Execution
Gain Access

Indicators of Compromise

CVE

CVE-2024-51024
CVE-2024-51023

Affected Vendors

D-Link

Affected Products

D-Link DIR_823G - 1.0.2B05

Remediation

Refer to D-Link Security Advisory for patch, upgrade, or suggested workaround information.

D-Link Security Advisory

Multiple NETGEAR Products Vulnerabilities

Amadey Botnet – Active IOCs

Multiple D-Link DIR_823G Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan