CVE-2024-39962

Published: Jul 19, 2024Modified: Jul 9, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

Affected (1)

Products: Dlink: Dir 823x Firmware

Dlink

1 product

Dir 823x Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 823x Firmware	Version 240126

Running on/with	Platform Versions
Dlink Dir 823x	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.