Cyber Resilience

CVE-2023-24762

CriticalRCE

Published: 13 March 2023

Published
13 March 2023
Modified
03 March 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0418 88.9th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-24762 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dlink Dir-867 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 11.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-24762 is an OS command injection vulnerability, tracked under CWE-78, that affects the D-Link DIR-867 wireless router running firmware version DIR_867_FW1.30B07. The flaw resides in the HNAP1 interface, specifically the SetVirtualServerSettings action, where the LocalIPAddress parameter is not properly sanitized before being passed to an operating system command.

Unauthenticated attackers with network access can supply a crafted LocalIPAddress value to execute arbitrary commands on the device. With a CVSS score of 9.8, successful exploitation grants full control over the router, enabling actions such as altering configuration, intercepting traffic, or using the device as a pivot point inside the network.

Public references point to a D-Link security bulletin page and a technical write-up on HackMD, though the supplied sources do not detail specific patch versions or mitigation steps beyond the general advisory link. The associated EPSS score remains low, with only a modest peak of 0.0548 that has since receded, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dir-867 firmware
1.30b07

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References