Cyber Resilience

CVE-2024-39962

CriticalPublic PoCRCE

Published: 19 July 2024

Published
19 July 2024
Modified
09 July 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0985 93.2th percentile
Risk Priority 26 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39962 is a critical-severity Code Injection (CWE-94) vulnerability in Dlink Dir-823X Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 6.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router firmware version v21_D240126 contains a remote code execution vulnerability in the ntp_zone_val parameter processed by the /goform/set_ntp endpoint. The flaw, tracked as CVE-2024-39962 and assigned CWE-94, allows arbitrary code execution through a specially crafted HTTP request and carries a CVSS 3.1 score of 9.8.

An unauthenticated attacker with network access can submit a malicious POST request to the affected endpoint and achieve full control over the device, including the ability to execute arbitrary commands, modify configuration, or pivot into the local network. No user interaction or credentials are required.

Public references consist of a technical write-up and proof-of-concept hosted on GitHub Gist; no vendor advisory or firmware patch is referenced in the available data. The EPSS score has remained flat at 0.0985 since disclosure, indicating steady but not sharply increasing exploitation interest.

EU & UK References

Vulnerability details

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dir-823x firmware
240126

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

addresses: CWE-94

Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.

addresses: CWE-94

Validates inputs used in dynamic code generation to block injected directives.

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.

References