Severity
High
Analysis Summary
CVE-2024-52739 CVSS:8
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
CVE-2024-48633 CVSS:8
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
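The four parameters named in CVE-2024-48633 should only ever hold ports, a protocol number, and an IPv4 address, so strict type checks expose values carrying anything else. The following is an added example, not D-Link code or part of the original advisory. It assumes the request fields have already been parsed into a dict of strings, and the numeric ranges (ports 1-65535, protocol number 0-255) are assumptions.

```python
import ipaddress

# Parameter names come from the CVE-2024-48633 description above.
PORT_FIELDS = ("ExternalPort", "InternalPort")


def _is_int_in_range(value, low, high):
    # Require plain ASCII digits: no signs, spaces, separators or shell syntax.
    return (value.isascii() and value.isdigit()
            and len(value) <= 5 and low <= int(value) <= high)


def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def invalid_fields(params):
    """Return the sorted names of fields that fail strict validation.

    A missing field is treated as invalid. Ranges are assumptions.
    """
    bad = [n for n in PORT_FIELDS
           if not _is_int_in_range(params.get(n, ""), 1, 65535)]
    if not _is_int_in_range(params.get("ProtocolNumber", ""), 0, 255):
        bad.append("ProtocolNumber")
    if not _is_ipv4(params.get("LocalIPAddress", "")):
        bad.append("LocalIPAddress")
    return sorted(bad)


# Constructed sample inputs (not captured traffic).
BENIGN = {"ExternalPort": "8080", "InternalPort": "80",
          "ProtocolNumber": "6", "LocalIPAddress": "192.168.0.10"}
SUSPECT = {"ExternalPort": "8080;x", "InternalPort": "80",
           "ProtocolNumber": "6", "LocalIPAddress": "192.168.0.10 | x"}

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, invalid_fields(sample))
```

Any request for which `invalid_fields` returns a non-empty list is worth reviewing in logs or rejecting at a filtering proxy in front of the management interface.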
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-52739
- CVE-2024-48633
Affected Vendors
D-Link
Affected Products
- D-Link DIR_882_FW130B06
- D-Link DIR_878_FW130B08
- D-LINK DI-8400 v16.07.26A1
Remediation
Refer to the D-Link Security Advisory for patch, upgrade, or suggested workaround information.

