APT Group Gamaredon aka Shuckworm – Active IOCs
July 3, 2024Multiple IBM Products Vulnerabilities
July 3, 2024APT Group Gamaredon aka Shuckworm – Active IOCs
July 3, 2024Multiple IBM Products Vulnerabilities
July 3, 2024Severity
High
Analysis Summary
CVE-2024-5297 CVSS:8.8
D-Link D-View could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the executeWmicCmd method. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2024-5295 CVSS:8.8
D-Link G416 Wireless Routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the HTTP service listening on TCP port 80. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2024-5291 CVSS:8.8
D-Link DIR-2150 Routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SOAP API interface listening on TCP port 80. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-5297
- CVE-2024-5295
- CVE-2024-5291
Affected Vendors
Affected Products
- D-Link D-View
- D-Link DIR-2150
- D-Link G416
Remediation
Upgrade to the latest version of D-View, available from the D-Link Website.