CVE-2024-10915

Critical

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by…

VulDB·CWE-74·Published 2024-11-06

CVSS

9.8

EPSS

0.79

KEV

Exploits

cve.orgde

507 chars

Eine kritische Schwachstelle wurde in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L bis 20241028 ausgemacht. Davon betroffen ist die Funktion cgi_user_add der Datei /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. Mittels dem Manipulieren des Arguments group mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.

cve.orgen

486 chars

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

NVDen

486 chars

NVDes

524 chars

Se ha detectado una vulnerabilidad en los sistemas DNS-320, DNS-320LW, DNS-325 y DNS-340L de D-Link hasta 20241028. Se ha calificado como crítica. Este problema afecta a la función cgi_user_add del archivo /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. La manipulación del grupo de argumentos provoca la inyección de comandos del sistema operativo. El ataque puede ejecutarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que su explotación es difícil. El exploit se ha hecho público y puede utilizarse.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	cve.org	7.6	—	—	AV:N/AC:H/Au:N/C:C/I:C/A:C
2.0	Primary	cve.org	7.6	—	—	AV:N/AC:H/Au:N/C:C/I:C/A:C
2.0	Secondary	NVD	7.6	4.9	10.0	AV:N/AC:H/Au:N/C:C/I:C/A:C
3.0	Primary	cve.org	8.1	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	8.1	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0	Primary	cve.org	9.2	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Primary	cve.org	9.2	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	9.2	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X