Cyber Resilience

CVE-2024-7922

Medium · Public PoC

Published: 19 August 2024

Modified: 20 August 2024
CVSS Score (v4): 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.1187 (93.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-7922 is a medium-severity Command Injection (CWE-77) vulnerability in Dell DNS-120 firmware. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 6.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-7922 is a command-injection vulnerability (CWE-77) affecting the myMusic.cgi endpoint on numerous end-of-life D-Link NAS models, including DNS-120, DNR-202L, DNS-315L, DNS-320 through DNS-345, DNR-322L, DNR-326, and the DNS-726/1100/1200/1550 series, all firmware versions up to 20240814. Unauthenticated manipulation of the cgi_audio_search, cgi_create_playlist, cgi_get_tracks_list and related CGI functions allows arbitrary command execution on the device.

An attacker with network access and valid credentials for a low-privileged account can send crafted HTTP requests to the affected CGI handlers, resulting in remote command execution with the privileges of the web server process. Public proof-of-concept code for several of the listed functions has already been released.

D-Link’s security advisory SAP10383 and vendor statements confirm that all listed products reached end-of-life status prior to disclosure; no patches will be issued and users are advised to retire the devices. The associated EPSS score rose from a low baseline to a peak of 0.2108, indicating measurable post-disclosure exploitation interest that warrants renewed attention for any remaining deployed units.

Vulnerability details

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell · dns-120 firmware · all versions
dell · dnr-202l firmware · all versions
dell · dns-315l firmware · all versions
dell · dns-320 firmware · all versions
dell · dns-320l firmware · all versions
dell · dns-320lw firmware · all versions
dell · dns-321 firmware · all versions
dell · dnr-322l firmware · all versions
dell · dns-323 firmware · all versions
dell · dns-325 firmware · all versions
+10 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
