Cyber Resilience

CVE-2024-44400

CriticalPublic PoCRCE

Published: 04 September 2024

Published
04 September 2024
Modified
11 October 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3988 97.4th percentile
Risk Priority 44 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44400 is a critical-severity Command Injection (CWE-77) vulnerability in Dlink Di-8400 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A vulnerability was discovered in DI_8400-16.07.26A1, classified as critical under CVE-2024-44400. It resides in the upgrade_filter_asp function within upgrade_filter.asp, where manipulation of the path parameter enables command injection. The issue is tracked as CWE-77 and carries a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, and no required privileges or user interaction.

Unauthenticated remote attackers can exploit the flaw over the network to inject and execute arbitrary commands, resulting in complete compromise of confidentiality, integrity, and availability on the affected device. The current and peak EPSS score stands at 0.3988 with no material rise indicated after disclosure.

The supplied references consist of GitHub files that document the command-injection vector but contain no information on patches, workarounds, or vendor mitigation guidance.

EU & UK References

Vulnerability details

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

Command injection via path parameter in upgrade_filter.asp web interface enables exploitation of public-facing application (T1190) and execution of arbitrary commands on the network device CLI (T1059.008).

Affected Assets

dlink
di-8400 firmware
16.07.26a1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References