CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-33343

Medium Severity
SVRS
34/100
CVSSv3
NA/10
EPSS
0.00641/1

CVE-2024-33343 is a command injection vulnerability in D-Link DIR-822+ routers, allowing attackers to execute arbitrary commands. The vulnerability exists in the ChgSambaUserSettings function of prog.cgi in version V1.0.5. Though the CVSS score is 0, indicating no direct impact according to that system, the SOCRadar Vulnerability Risk Score (SVRS) is 34. This score, while not critical, suggests that the vulnerability has some degree of real-world exploitability and attention from threat actors as indicated by the tag In The Wild. Remote attackers can exploit this vulnerability to gain control of the router by injecting shell commands. This can lead to serious security breaches, including data theft, network compromise, and potentially using the compromised router as part of a botnet. Organizations using the D-Link DIR-822+ should promptly apply any available patches or mitigations. Even with a moderate SVRS, the potential impact of successful exploitation is significant.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-04-26
LAST MODIFIED2024-07-03
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-33343 is a command injection vulnerability in D-Link DIR-822+ V1.0.5. It allows remote attackers to execute arbitrary commands via shell by exploiting the ChgSambaUserSettings function of prog.cgi. The SVRS of 34 indicates a moderate risk, requiring attention and appropriate mitigation measures.

Key Insights:

  • Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to compromise the device without physical access.
  • Arbitrary Command Execution: Attackers can execute any commands on the affected device, potentially leading to system compromise, data theft, or malware installation.
  • Widely Used Device: D-Link DIR-822+ is a popular router model, increasing the potential impact of this vulnerability.

Mitigation Strategies:

  • Update Firmware: Apply the latest firmware update from D-Link to patch the vulnerability.
  • Disable Remote Management: If possible, disable remote management features on the router to reduce the attack surface.
  • Use Strong Passwords: Set strong and unique passwords for the router's administrative account to prevent unauthorized access.
  • Monitor Network Traffic: Implement network monitoring tools to detect suspicious activity and identify potential exploitation attempts.

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have not been published yet.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: The vulnerability is not known to be actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-33343 | D-Link DIR-822+ 1.0.5 prog.cgi ChgSambaUserSettings command injection
vuldb.com2024-04-26
CVE-2024-33343 | D-Link DIR-822+ 1.0.5 prog.cgi ChgSambaUserSettings command injection | A vulnerability was found in D-Link DIR-822+ 1.0.5 and classified as critical. This issue affects the function ChgSambaUserSettings of the file prog.cgi. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-33343. The attack may be initiated remotely. There
cve-2024-33343
domains
urls
cves

Social Media

CVE-2024-33343 D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary comma… https://t.co/tyse9U3NR0
0
1
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-822%2B
[email protected]https://github.com/n0wstr/IOTVuln/tree/main/DIR-822%2B/ChgSambaUserSettings

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence