Multiple NETGEAR Products Vulnerabilities

November 6, 2024

Amadey Botnet – Active IOCs

November 7, 2024

Multiple D-Link DIR_823G Vulnerabilities

November 7, 2024

Severity

High

Analysis Summary

CVE-2024-51024 CVSS:8.8

D-Link DIR_823G could allow a remote authenticated attacker to execute arbitrary code/commands on the system, caused by ISSUE. By sending a specially crafted HostName parameter in the SetWanSettings function, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

CVE-2024-51023 CVSS:8.8

D-Link DIR_823G could allow a remote authenticated attacker to execute arbitrary code/commands on the system, caused by ISSUE. By sending a specially crafted Address parameter in the SetNetworkTomographySettings function, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.

Impact

Code Execution
Gain Access

Indicators of Compromise

CVE

CVE-2024-51024
CVE-2024-51023

Affected Vendors

D-Link

Affected Products

D-Link DIR_823G - 1.0.2B05

Remediation

Refer to D-Link Security Advisory for patch, upgrade, or suggested workaround information.

D-Link Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

TeamViewer Windows Flaw Allows File Deletion as SYSTEM

Silver Fox Exploits Google Translate for Malware Attacks – Active IOCs

Multiple TP-Link TL-WR841N Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us