CVE-2024-48633

HIGH

D-Link DIR-882 and DIR-878 Firmware - OS Command Injection via SetVirtualServerSettings Parameters

Title source: llm

Description

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

References (2)

Core 2

Core References

Broken Link

https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md

Product

https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 8.0

EPSS 0.0025

EPSS Percentile 48.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

dlink/dir-878_firmware 1.30b08

dlink/dir-882_firmware 1.30b06

Published Oct 17, 2024

Tracked Since Feb 18, 2026