ГлавнаяУязвимости → CVE-2024-48636
8высокая

CVE-2024-48636

Описание

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

Затрагиваемое ПО
Dlink Dir-882 firmwareDlink Dir-882Dlink Dir-878 firmwareDlink Dir-878
CVSS
Балл8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_36/36.mdhttps://www.dlink.com/en/security-bulletin/