Multiple NETGEAR Products Vulnerabilities
November 28, 2024Multiple TP-Link TL-WDR7660 Vulnerabilities
November 28, 2024Multiple NETGEAR Products Vulnerabilities
November 28, 2024Multiple TP-Link TL-WDR7660 Vulnerabilities
November 28, 2024Severity
High
Analysis Summary
CVE-2024-52739 CVSS:8
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
CVE-2024-48633 CVSS:8
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-52739
- CVE-2024-48633
Affected Vendors
Affected Products
- D-Link DIR_882_FW130B06
- D-Link DIR_878_FW130B08
- D-LINK DI-8400 v16.07.26A1
Remediation
Refer to D-Link Security Advisory for patch, upgrade, or suggested workaround information.