CVE-2024-7833

Published: Aug 15, 2024Modified: Jun 17, 2026

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Dlink: Di 8100 Firmware

1 product

Di 8100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8100 Firmware	Version 16.07

Running on/with	Platform Versions
Dlink Di 8100	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

https://github.com/aLtEr6/pdf/blob/main/3.pdf

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.274731

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.274731

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.385338

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.