Cyber Resilience

CVE-2024-33344

CriticalPublic PoCRCE

Published: 26 April 2024

Published
26 April 2024
Modified
21 May 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5369 98.0th percentile
Risk Priority 52 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-33344 is a critical-severity Command Injection (CWE-77) vulnerability in Dlink Dir-822\+ Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-822+ firmware version 1.0.5 contains a command injection vulnerability in the ftext function of upload_firmware.cgi. The flaw, tracked as CVE-2024-33344 and assigned CWE-77, permits unauthenticated remote attackers to supply crafted input that is passed directly to a system shell, resulting in arbitrary command execution. The issue carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and no required privileges or user interaction.

An attacker with network access to the device can send a malicious HTTP request to the firmware upload endpoint and obtain full control of the router, including the ability to read or modify configuration, install persistent malware, or pivot to other hosts on the LAN. No authentication or special privileges are needed, making the exposure particularly severe for internet-facing or locally reachable devices.

The associated EPSS score has reached 0.5369 without a documented rise from a lower baseline. Public references consist of a D-Link support page for the affected model and a GitHub repository containing proof-of-concept details; no vendor advisory describing patches or mitigation steps is provided in the available references.

EU & UK References

Vulnerability details

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in upload_firmware.cgi enables exploitation of a public-facing web application (T1190) for remote arbitrary Unix shell command execution (T1059.004).

Affected Assets

dlink
dir-822\+ firmware
1.05

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References