CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-33112

High Severity
SVRS
68/100
CVSSv3
7.5/10
EPSS
0.12853/1

CVE-2024-33112: Command Injection Vulnerability in D-Link DIR-845L routers. This critical flaw allows unauthorized attackers to execute arbitrary commands on affected devices via the hnap_main() function. Routers running firmware version v1.01KRb03 and earlier are vulnerable to this command injection. While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 68, indicating a moderate risk; however, given the "In The Wild" tag, active exploitation is possible, requiring prompt evaluation and patching. Successful exploitation could lead to complete compromise of the device, data theft, or its use in botnet attacks. This vulnerability poses a significant threat to home and small business networks relying on the D-Link DIR-845L router.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:N
I:N
A:H
PUBLICATION DATE2024-05-06
LAST MODIFIED2025-01-07
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-33112 affects D-Link DIR-845L routers running firmware versions 1.01KRb03 and earlier. The vulnerability allows attackers to execute arbitrary commands through a command injection flaw in the hnap_main() function, potentially leading to full control over the affected router.

SVRS: While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is significantly lower at 34, indicating that while the vulnerability is exploitable, it may not be considered a high-priority threat at this time.

Key Insights

  • Command Injection: This vulnerability allows attackers to inject malicious commands into the router's system, potentially leading to complete compromise.
  • In the Wild: The vulnerability has been observed being actively exploited by hackers.
  • Firmware Versions: Only D-Link DIR-845L routers running firmware versions 1.01KRb03 and earlier are affected.
  • Potential Impact: Attackers could gain full control over the affected router, potentially using it to launch further attacks against other devices on the network.

Mitigation Strategies

  • Firmware Update: Immediately update the firmware on all affected D-Link DIR-845L routers to the latest available version.
  • Network Segmentation: Implement network segmentation to isolate the affected router and limit the impact of a potential compromise.
  • Strong Passwords: Use strong and unique passwords for all router administration interfaces.
  • Security Monitoring: Implement security monitoring tools to detect and respond to any suspicious activity on the network.

Additional Information

This vulnerability is actively exploited by attackers, making it a serious threat to the security of affected devices. If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Privacy Roundup: Week 1 of Year 2025
Avoid The Hack!2025-01-04
Privacy Roundup: Week 1 of Year 2025 | This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 - 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things
securityboulevard.com
rss
forum
news
Old D-Link Routers Targeted by CAPSAICIN Botnet Exploiting Vulnerabilities
laseem shayifa2024-12-27
Old D-Link Routers Targeted by CAPSAICIN Botnet Exploiting Vulnerabilities | Outdated D-Link routers are under attack from two aggressive botnets—FICORA and CAPSAICIN, a variant of the Kaiten botnet. The post Old D-Link Routers Targeted by CAPSAICIN Botnet Exploiting Vulnerabilities appeared first on SecureReading.Outdated D-Link routers are under attack from two aggressive botnets—FICORA and CAPSAICIN, a variant of the Kaiten botnet
securereading.com
rss
forum
news
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
Ajit Jasrotia2024-12-27
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks | Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. “These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on […] The post FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global
allhackernews.com
rss
forum
news
CVE-2024-33112 | D-Link DIR-845L up to 1.01KRb03 hnap_main command injection
vuldb.com2024-05-06
CVE-2024-33112 | D-Link DIR-845L up to 1.01KRb03 hnap_main command injection | A vulnerability, which was classified as critical, was found in D-Link DIR-845L up to 1.01KRb03. Affected is the function hnap_main. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-33112. The attack can only be done within the local network. There
cve-2024-33112
domains
urls
cves

Social Media

🛠️Added new vulnerability poc for CVE-2024-33112. #infosec #cyber #security https://t.co/iiFBbHeIvs
0
0
0
#Malware #Vulnerability CVE-2024-33112 and More: How FICORA and CAPSAICIN Botnets Are Exploiting D-Link Devices https://t.co/fn834TGE9g
0
0
0
Malware botnets exploit outdated D-Link routers in recent attacks https://t.co/IoFjyvru4o ”For initial access, the two pieces of malware use known exploits for CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.”
0
0
0
Surge in FICORA (#Mirai variant) & CAPSAICIN (#Kaiten variant) botnets exploiting old D-Link flaws. Targets: CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. Global impact. #infosec #cyber #security @securityaffairs https://t.co/o3jMFBDsml
0
0
3
🗣 CVE-2024-33112 and More: How FICORA and CAPSAICIN Botnets Are Exploiting D-Link Devices https://t.co/IwTariELvy
0
0
0
CVE-2024-33112 and More: How FICORA and CAPSAICIN Botnets Are Exploiting D-Link Devices Learn about the recent spike in botnet activity from FICORA and CAPSAICIN targeting D-Link devices and the vulnerabilities they exploit. https://t.co/FDDE5y3mlJ
0
0
4
🔧 These botnets exploit vulnerabilities dating back nearly a decade (e.g., CVE-2015-2051, CVE-2024-33112) to spread malware and launch sophisticated attacks globally. Regular updates, device monitoring, and disabling unused services like HNAP are essential defenses.
0
0
0
🚨 Botnets Exploiting Aging D-Link Vulnerabilities 🚨 Botnets "FICORA" & "CAPSAICIN" are targeting old D-Link router flaws via HNAP weaknesses (e.g., CVE-2015-2051, CVE-2022-37056, CVE-2024-33112). These vulnerabilities allow remote attackers to execute malicious commands,
0
1
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md
[email protected]https://github.com/yj94/Yj_learning/blob/b597925953d8bbb286a63f0019bb547c1617cb61/Week16/D-LINK-POC.md
[email protected]https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md
GITHUBhttps://github.com/yj94/Yj_learning/blob/b597925953d8bbb286a63f0019bb547c1617cb61/Week16/D-LINK-POC.md
GITHUBhttps://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence