Cyber Resilience

CVE-2024-29385

Critical · Public PoC · RCE

Published: 22 March 2024

Modified: 17 June 2025
CVSS Score v3.1: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0656 (91.3rd percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-29385 is a critical-severity Command Injection (CWE-77) vulnerability in D-Link DIR-845L firmware. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2024-29385 affects the D-Link DIR-845L router running firmware up to version 1.01KRb03. The flaw is an unauthenticated remote code execution vulnerability residing in the cgibin binary, specifically within the soapcgi_main function, and is tracked under CWE-77 for improper neutralization of special elements used in a command.

An attacker with network access can trigger the issue without authentication or user interaction. Successful exploitation yields full system compromise, allowing arbitrary command execution with impact on confidentiality, integrity, and availability. The CVSS vector rates attack complexity as high but scope as changed, meaning the attacker can affect resources beyond the vulnerable component.

Public references include a detailed technical report hosted on GitHub and D-Link's security bulletin page, which practitioners should consult for any official firmware updates or configuration guidance. The associated EPSS score has remained stable at 0.0656 with no material increase observed since disclosure.

Vulnerability details

DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.

CWE(s)

CWE-77 Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated RCE in the cgibin binary via soapcgi_main enables exploitation of a public-facing web application on the DIR-845L router.

Affected Assets

dlink · dir-845l firmware · ≤ 1.01krb03

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
