CVE-2024-33344
Published: 26 April 2024
Summary
CVE-2024-33344 is a critical-severity command injection (CWE-77) vulnerability in D-Link DIR-822+ firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.0% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.
Deeper analysis
D-Link DIR-822+ firmware version 1.0.5 contains a command injection vulnerability in the ftext function of upload_firmware.cgi. The flaw, tracked as CVE-2024-33344 and assigned CWE-77, permits unauthenticated remote attackers to supply crafted input that is passed directly to a system shell, resulting in arbitrary command execution. The published description names the function and the CGI endpoint but does not specify which request field reaches the shell or how the payload is framed. The issue carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, and no required privileges or user interaction.
An attacker with network access to the device can send a malicious HTTP request to the firmware upload endpoint and obtain full control of the router, including the ability to read or modify configuration, install persistent malware, or pivot to other hosts on the LAN. Because no authentication is required, the exposure is most severe for devices whose management interface is reachable from the WAN, and it also gives any compromised LAN host a direct route to the gateway.
The associated EPSS score is 0.5369, with no documented climb from a lower baseline in the available history. Public references consist of a D-Link support page for the affected model and a GitHub repository containing proof-of-concept details; none of the available references is a vendor advisory describing a fixed firmware version or mitigation steps.
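As an added illustration, not code from the D-Link firmware or from the referenced proof of concept, the C fragment below shows the generic CGI anti-pattern that the description above fits (an untrusted request field spliced into a shell command line) beside a hardened handler that validates the value against an allowlist and launches the helper with execv so no shell ever parses it. The parameter name ftext is borrowed from the function name on this page and is an assumption; the helper path /bin/fwupgrade, the buffer sizes, the allowlist and the injection payload are all constructed for the example.

```c
/*
 * Added example (hypothetical CGI code, not D-Link's): the command-injection
 * anti-pattern beside a hardened form. Nothing here calls system().
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* VULNERABLE PATTERN: the request field is pasted into a shell command line.
 * A value such as "fw.bin; id" ends the intended command and appends a second
 * one. This only builds the string a system() call would receive. */
int build_cmd_vulnerable(const char *ftext, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/bin/fwupgrade /tmp/%s", ftext);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* HARDENED step 1: strict allowlist on the untrusted value.
 * Only [A-Za-z0-9._-], no leading dot (blocks "..") and a bounded length.
 * Returns 1 if acceptable, 0 otherwise. */
int ftext_is_safe(const char *ftext)
{
    size_t len = strlen(ftext);
    if (len == 0 || len > 64 || ftext[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)ftext[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* HARDENED step 2: even after validation, never hand the value to a shell.
 * fork/execv with a fixed argv means ';', '|', '$(...)' are just bytes in an
 * argument. Returns the child's exit status, or -1 if validation, fork or
 * waitpid fails (exec failure surfaces as status 127). */
int run_upgrade_safely(const char *ftext)
{
    if (!ftext_is_safe(ftext))
        return -1;                      /* reject before touching the OS */

    char path[128];
    snprintf(path, sizeof path, "/tmp/%s", ftext);
    char *const argv[] = { "/bin/fwupgrade", path, NULL };  /* assumed helper */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);           /* no shell involved */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[256];
    const char *payload = "fw.bin; id";   /* constructed injection payload */

    build_cmd_vulnerable(payload, cmd, sizeof cmd);
    printf("shell would execute: %s\n", cmd);           /* two commands */
    printf("ftext_is_safe(\"%s\") = %d\n", payload, ftext_is_safe(payload));
    printf("ftext_is_safe(\"DIR822_fw.bin\") = %d\n", ftext_is_safe("DIR822_fw.bin"));
    printf("run_upgrade_safely(payload) = %d\n", run_upgrade_safely(payload));
    return 0;
}
```

The two hardening steps are deliberately independent: execv alone defeats shell metacharacters, but the allowlist is still needed so the value cannot become a traversal path or an option flag for the downstream tool; the allowlist alone is fragile if anyone later routes the value through popen() or a shell script, so the process-launch change is what removes the injection class rather than one payload shape.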
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-31086
Vulnerability details
D-Link DIR-822+ V1.0.5 was found to contain a command injection in the ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
- CWE(s): CWE-77
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated command injection in upload_firmware.cgi is reached through the router's web interface, so initial access maps to Exploit Public-Facing Application (T1190); the injected input is handed to a system shell, so the resulting execution maps to Command and Scripting Interpreter: Unix Shell (T1059.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet.