CVE-2024-29385
Published: 22 March 2024
Summary
CVE-2024-29385 is a critical-severity Command Injection (CWE-77) vulnerability in Dlink Dir-845L Firmware. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-29385 affects the D-Link DIR-845L router running firmware up to version 1.01KRb03. The flaw is an unauthenticated remote code execution vulnerability residing in the cgibin binary, specifically within the soapcgi_main function, and is tracked under CWE-77 for improper neutralization of special elements used in a command.
An attacker with network access can trigger the issue without authentication or user interaction. Successful exploitation yields full system compromise, allowing arbitrary command execution with impacts to confidentiality, integrity, and availability; the CVSS vector reflects high attack complexity yet changed scope, enabling the attacker to affect resources beyond the vulnerable component.
Public references include a detailed technical report hosted on GitHub and D-Link's security bulletin page, which practitioners should consult for any official firmware updates or configuration guidance. The associated EPSS score has remained stable at 0.0656 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26393
Vulnerability details
DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated RCE in the cgibin binary via soapcgi_main enables exploitation of a public-facing web application on the DIR-845L router.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.