CVERadar

CVE-2024-44341

Critical Severity
Vendor: Dlink
SVRS: 95/100
CVSSv3: 9.8/10
EPSS: 0.00692/1

CVE-2024-44341 is a critical remote command execution (RCE) vulnerability found in D-Link DIR-846W routers. Specifically, the flaw resides in the firmware version A1 FW100A43 and can be triggered through a specially crafted POST request targeting the lan(0)_dhcps_staticlist parameter.

SOCRadar's Vulnerability Risk Score (SVRS) for CVE-2024-44341 is 95, indicating a very high level of risk. This score, which is significantly influenced by real-world threat intelligence, means immediate action is required to mitigate the threat. The vulnerability allows attackers to execute arbitrary commands on the affected router, potentially leading to full system compromise. Successful exploitation could enable attackers to eavesdrop on network traffic, steal sensitive data, or use the router as a launchpad for further attacks within the network. Given that it is tagged "In The Wild", this vulnerability is actively being exploited. The high CVSS score of 9.8 further emphasizes the severity of this security vulnerability.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-27

2024-08-30
SOCRadar AI Insight

Description

CVE-2024-44341 is a critical remote command execution (RCE) vulnerability in D-Link DIR-846W A1 FW100A43. It allows attackers to execute arbitrary commands on the affected device by sending a crafted POST request. The vulnerability has a CVSS score of 9.8 and an SVRS of 86, indicating a high level of severity and urgency.

Key Insights

  • Active Exploitation: Active exploits have been published for this vulnerability, indicating that it is being actively exploited by hackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • Threat Actors: Specific threat actors or APT groups have not been identified as actively exploiting this vulnerability.
  • Impact: Successful exploitation of this vulnerability could allow attackers to gain complete control of the affected device, including the ability to execute arbitrary commands, steal sensitive data, and launch further attacks.

Mitigation Strategies

  • Apply Software Updates: Install the latest firmware update from D-Link to patch the vulnerability.
  • Disable Remote Access: If possible, disable remote access to the affected device until the patch is applied.
  • Use Strong Passwords: Use strong and unique passwords for the device's administrative account.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and block any unauthorized access attempts.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Social Media

CVE-2024-44341 (CVSS:9.8, CRITICAL) is Analyzed. D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcp..https://t.co/yYd71uuzLC #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
CVE-2024-44341 Remote Command Execution in D-Link DIR-846W via POST Request The D-Link DIR-846W A1 FW100A43 has a remote command execution (RCE) vulnerability. This issue is in the lan(0)_dhcps_staticlist paramet... https://t.co/9Y90r3RzLq

Affected Software

Configuration 1
Type | Vendor | Product
OS | Dlink | dir-846w_firmware

References

Reference | Link
[email protected] | http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W
[email protected] | https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44341
[email protected] | https://www.dlink.com/en/security-bulletin/
GITHUB | https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44341
GITHUB | https://www.dlink.com/en/security-bulletin/

CWE Details

CWE ID | CWE Name | Description
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
