CVE-2024-44400
Published: 04 September 2024
Summary
CVE-2024-44400 is a critical-severity Command Injection (CWE-77) vulnerability in Dlink Di-8400 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability was discovered in DI_8400-16.07.26A1, classified as critical under CVE-2024-44400. It resides in the upgrade_filter_asp function within upgrade_filter.asp, where manipulation of the path parameter enables command injection. The issue is tracked as CWE-77 and carries a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, and no required privileges or user interaction.
Unauthenticated remote attackers can exploit the flaw over the network to inject and execute arbitrary commands, resulting in complete compromise of confidentiality, integrity, and availability on the affected device. The current and peak EPSS score stands at 0.3988 with no material rise indicated after disclosure.
The supplied references consist of GitHub files that document the command-injection vector but contain no information on patches, workarounds, or vendor mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41024
Vulnerability details
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection via path parameter in upgrade_filter.asp web interface enables exploitation of public-facing application (T1190) and execution of arbitrary commands on the network device CLI (T1059.008).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.