A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 03 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8100
Dlink di-8100 Firmware
CPEs cpe:2.3:h:dlink:di-8100:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8100_firmware:16.07:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink di-8100
Dlink di-8100 Firmware

Thu, 15 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection
Weaknesses CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-15T14:00:04.876Z

Updated: 2024-09-03T18:03:42.204Z

Reserved: 2024-08-15T05:46:45.587Z

Link: CVE-2024-7833

cve-icon Vulnrichment

Updated: 2024-09-03T18:03:38.123Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-15T14:15:14.720

Modified: 2024-08-19T16:00:21.393

Link: CVE-2024-7833

cve-icon Redhat

No data.