CVE-2024-48633 — HIGH (8.0)

Vulnerability Description

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dlink	Dir-882 Firmware	1.30b06
Dlink	Dir-882	-
Dlink	Dir-878 Firmware	1.30b08
Dlink	Dir-878	-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2024-48633?

CVE-2024-48633 is a vulnerability with a CVSS score of 8.0 (HIGH). D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parame...

How severe is CVE-2024-48633?

CVE-2024-48633 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-48633?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-882 Firmware, Dlink Dir-882, Dlink Dir-878 Firmware, Dlink Dir-878.