
CVE-2024-10914

Severity: Critical
Vendor: Dlink
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.93937/1

CVE-2024-10914 is a critical vulnerability affecting D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices, leading to potential OS command injection. This vulnerability, found in the cgi_user_add function, allows remote attackers to execute arbitrary commands by manipulating the 'name' argument. With a SOCRadar Vulnerability Risk Score (SVRS) of 94, indicating immediate action is needed, this flaw poses a significant risk. Publicly available exploits increase the likelihood of attacks. Successful exploitation could lead to complete system compromise and data breach. The high SVRS underscores the urgency for patching this command injection flaw. This vulnerability is significant because it affects popular D-Link devices and could be exploited to cause widespread harm.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-11-06
2024-11-08

SOCRadar AI Insight

Description

CVE-2024-10914 affects D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices up to firmware version 20241028. The flaw is in the cgi_user_add function, reached through /cgi-bin/account_mgr.cgi?cmd=cgi_user_add: manipulating the name argument leads to OS command injection. The vulnerability can be exploited remotely, has been publicly disclosed, and is being actively exploited. With an SVRS score of 84, this vulnerability is considered critical, requiring immediate action.

Key Insights

  1. Remote Exploitation: This vulnerability can be exploited remotely, meaning attackers can compromise devices without requiring physical access. This poses a significant risk, as attackers can target devices from anywhere in the world.
  2. OS Command Injection: The vulnerability allows attackers to execute arbitrary commands on the affected device. This gives them complete control over the device and its operating system, allowing them to install malware, steal data, or take other malicious actions.
  3. Publicly Disclosed Exploit: Exploits for this vulnerability have been published, making it easier for attackers to exploit it. This significantly increases the risk of successful attacks.
  4. Active Exploitation in the Wild: The vulnerability is actively being exploited by hackers, indicating a high level of threat. This means devices are already being compromised, highlighting the urgency of addressing this issue.

Mitigation Strategies

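  1. Update Firmware: Immediately update affected D-Link DNS devices to the latest firmware version. This will patch the vulnerability and prevent attackers from exploiting it. Note that the news coverage collected on this page reports that D-Link has declared these models end-of-life and will not release a fix, so check whether a fixed firmware version actually exists for your model.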
  2. Network Segmentation: Implement network segmentation to isolate vulnerable devices from critical network resources. This helps contain the damage if a device is compromised, preventing attackers from spreading to other parts of the network.
  3. Intrusion Detection/Prevention Systems (IDS/IPS): Deploy IDS/IPS solutions to detect and prevent attacks targeting this vulnerability. These solutions can monitor network traffic for suspicious activity and block attacks before they succeed.
  4. Regular Vulnerability Scanning: Regularly scan the network for vulnerabilities, including this CVE, to identify and address vulnerabilities before they can be exploited.
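
As an added illustration of the IDS/IPS point above (not SOCRadar's or D-Link's code), the following Python example scans web access-log lines for requests to the endpoint named in the description and flags any whose name value falls outside a conservative allowlist. The Common Log Format input, the allowlist, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the CVE description.
TARGET_PATH = "/cgi-bin/account_mgr.cgi"
TARGET_CMD = "cgi_user_add"
# Assumption: a legitimate user name needs only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify(line):
    """Return 'ignore', 'user_add' or 'suspicious' for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return "ignore"
    url = urlsplit(m.group("target"))
    if unquote(url.path).lower() != TARGET_PATH:
        return "ignore"
    params = parse_qs(url.query, keep_blank_values=True)
    if TARGET_CMD not in params.get("cmd", []):
        return "ignore"
    for name in params.get("name", []):
        # Decode a second time so double-encoded metacharacters are caught.
        if not SAFE_NAME.fullmatch(unquote(name)):
            return "suspicious"
    return "user_add"


def scan(lines):
    """Return (source_ip, verdict) for every line that hits the endpoint."""
    verdicts = ((line.split(" ", 1)[0], classify(line)) for line in lines)
    return [(ip, v) for ip, v in verdicts if v != "ignore"]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/Nov/2024:10:00:05 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=backup_user HTTP/1.1" 200 64',
    '198.51.100.7 - - [15/Nov/2024:10:02:11 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=a%3Bb HTTP/1.1" 200 64',
    '203.0.113.9 - - [15/Nov/2024:10:03:40 +0000] "GET /cgi-bin/account_mgr.cgi?name=a%2527b&cmd=cgi_user_add HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs record only the request line, so a request that carries the name parameter in a POST body is reported as nothing more than a hit on the endpoint. Any user_add request arriving from outside the management network deserves review even when the name itself looks clean.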

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| imnotcha0s/CVE-2024-10914 | https://github.com/imnotcha0s/CVE-2024-10914 | 2024-11-09 |
| jahithoque/CVE-2024-10914-Exploit | https://github.com/jahithoque/CVE-2024-10914-Exploit | 2024-12-04 |
| verylazytech/CVE-2024-10914 | https://github.com/verylazytech/CVE-2024-10914 | 2024-11-10 |
| K3ysTr0K3R/CVE-2024-10914-EXPLOIT | https://github.com/K3ysTr0K3R/CVE-2024-10914-EXPLOIT | 2024-11-27 |
| dragonXZH/CVE-2024-10914 | https://github.com/dragonXZH/CVE-2024-10914 | 2024-12-24 |
| silverxpymaster/CVE-2024-10914-Exploit | https://github.com/silverxpymaster/CVE-2024-10914-Exploit | 2025-02-14 |

News

D-Link will not fix critical NAS flaw
Editorial staff, 2024-11-24 (cisoadvisor.com.br)
More than 60,000 D-Link network-attached storage (NAS) devices that have already reached end of life (EoL) are exposed to a serious command injection vulnerability, identified as CVE-2024-10914. The flaw has a critical score of 9.2 on a scale of 10, highlighting its high risk. The vulnerability resides in […]

D-Link Urges Replacement of End-of-Life VPN Routers Amid Critical Security Vulnerability
Dhara Shrivastava, 2024-11-22 (blogger.com)
D-Link has issued a strong warning to its customers, advising them to replace certain end-of-life (EoL) VPN router models immediately. This follows the discovery of a

D-Link Devices Face Cyber Attacks Following End-of-Life Announcement
Ridhika Singh, 2024-11-21 (blogger.com)

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini, 2024-11-17 (securityaffairs.co)
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A botnet exploits a GeoVision zero-day to compromise EoL devices. Palo Alto Networks confirmed active exploitation of recently […]

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices
Pierluigi Paganini, 2024-11-15 (securityaffairs.co)
The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure. Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link NAS devices, that threat actors started attempting to exploit. The vulnerability CVE-2024-10914 is a command […]

D-Link devices are already being attacked after the company said it would no longer support them
2024-11-14 (techradar.com)
End-of-life devices with critical flaws are already being attacked, days after the vuln was found. Earlier this week, researchers discovered a 9.2 flaw affecting multiple NAS models. D-Link says it won't patch them since they reached end-of-life status.

These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER
Richi Jennings, 2024-11-14 (securityboulevard.com)
‘Bobby’ flaw flagged WONTFIX: Company doesn’t make storage devices now; has zero interest in fixing this catastrophic vulnerability.

Social Media

A critical #vulnerability, #CVE202410914, has been discovered in unsupported #DLinkdevices. With over 60,000 devices potentially exposed, attackers are leveraging this flaw to steal data. #CISA #Threatintel CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - CYFIRMA

CVE-2024-10914: vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. https://t.co/Cg8hB1jof3 https://t.co/9JI6vNy8Qt

🚨 CVE-2024-10914: Command Injection in D-Link NAS Devices (PoC) https://t.co/sjvAnagEJR via @YouTube

A critical vulnerability, identified as CVE-2024-10914, is being actively exploited in several models of end-of-life D-Link network-attached storage (NAS) devices. https://t.co/oN53xE1Srf

A critical unpatched vulnerability, CVE-2024-10914, impacting legacy D-Link NAS devices is being actively exploited shortly after disclosure. #cybersecurity #vulnerability #DLink

CVE-2024-10914 alert 🚨 D-Link: vulnerability found in DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec #DLink #DNS https://t.co/NkQ5zEqdEG

D-Link won’t fix critical flaw affecting 60,000 older NAS devices: https://t.co/27a1x7I0oz More than 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914) with a severity score of 9.2. The vulnerability allows unauthenticated attackers to

D-Link won’t fix critical flaw affecting 60,000 older end-of-life NAS devices. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score with a publicly available exploit. https://t.co/9G7mlnPjxH https://t.co/Fs0OU3pAJb

csirt_it: ‼ #DLink: a #PoC is available for exploiting CVE-2024-10914, which affects some #NAS models. Risk: 🔴 Type: 🔸 Arbitrary Code Execution 🔗 https://t.co/0x7MsTY3O5 ⚠ It is important to keep systems up to date https://t.co/963N3xK2Hk

🚨 CVE-2024-10914 (CVSS 9.2): Command Injection Flaw Threatens 61,000+ D-Link NAS Devices. A critical command injection flaw (CVSS 9.2) threatens 61,000+ D-Link NAS devices. If you're using DNS-320, DNS-320LW, DNS-325, or DNS-340L, read on. Sensitive data could be at risk! The https://t.co/dKyYfTOcrC

Affected Software

| Configuration | Type | Vendor | Product |
|---|---|---|---|
| 1 | OS | Dlink | dns-320_firmware |
| 2 | OS | Dlink | dns-320lw_firmware |
| 3 | OS | Dlink | dns-325_firmware |
| 4 | OS | Dlink | dns-340l_firmware |

References

  - https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07?pvs=4
  - https://vuldb.com/?ctiid.283309
  - https://vuldb.com/?id.283309
  - https://vuldb.com/?submit.432847
  - https://www.dlink.com/

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-707 | Improper Neutralization | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
