Cyber Resilience

CVE-2024-51151

Critical · Public PoC · RCE

Published: 21 November 2024

Modified: 22 November 2024
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4327 (97.6th percentile)
Risk Priority: 46 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-51151 is a critical-severity Command Injection (CWE-77) vulnerability in D-Link DI-8200 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

D-Link DI-8200 firmware version 16.07.26A1 is affected by a remote command execution vulnerability in the msp_info_htm function. The flaw is reachable through the flag and cmd parameters and is tracked under CWE-77 and CWE-78. Its CVSS 3.1 score of 9.8 reflects network-accessible, unauthenticated exploitation with full impact on confidentiality, integrity, and availability.

An attacker with network connectivity can submit malicious values for the affected parameters to execute arbitrary operating-system commands on the device without authentication or user interaction, resulting in complete device compromise.

A technical report containing further details and reproduction information has been published at the referenced GitHub location. The EPSS score for this CVE is currently 0.4327, matching its observed peak with no material upward trajectory after disclosure.

Vulnerability details

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Why these techniques?

The vulnerability enables remote command execution via unsanitized web parameters (flag and cmd) in the msp_info_htm function on a network device web interface, facilitating exploitation of public-facing applications, remote services, and network device CLI abuse.

Affected Assets

Vendor: dlink
Product: di-8200 firmware
Version: 16.07.26a1

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
