CVE-2023-24762
Published: 13 March 2023
Summary
CVE-2023-24762 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dlink Dir-867 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 11.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-24762 is an OS command injection vulnerability, tracked under CWE-78, that affects the D-Link DIR-867 wireless router running firmware version DIR_867_FW1.30B07. The flaw resides in the HNAP1 interface, specifically the SetVirtualServerSettings action, where the LocalIPAddress parameter is not properly sanitized before being passed to an operating system command.
Unauthenticated attackers with network access can supply a crafted LocalIPAddress value to execute arbitrary commands on the device. With a CVSS score of 9.8, successful exploitation grants full control over the router, enabling actions such as altering configuration, intercepting traffic, or using the device as a pivot point inside the network.
Public references point to a D-Link security bulletin page and a technical write-up on HackMD, though the supplied sources do not detail specific patch versions or mitigation steps beyond the general advisory link. The associated EPSS score remains low, with only a modest peak of 0.0548 that has since receded, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28772
Vulnerability details
OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.