CVE-2024-8132
Published: 24 August 2024
Summary
CVE-2024-8132 is a medium-severity Command Injection (CWE-77) vulnerability in Dlink Dns-1550-04 Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 4.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A command injection vulnerability exists in the webdav_mgr function within the /cgi-bin/webdav_mgr.cgi file of the HTTP POST Request Handler on multiple D-Link NAS products, including DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814. The issue stems from improper handling of the f_path argument and is tracked under CWE-77 and CWE-78. All listed devices have reached end-of-life status and receive no further support.
An authenticated remote attacker can supply a crafted f_path value in an HTTP POST request to the affected endpoint, resulting in arbitrary command execution on the device. Public exploit code has been released, enabling potential unauthorized access or manipulation of files and services on the NAS.
D-Link's security advisory SAP10383 and direct vendor communication confirm the products are end-of-life, explicitly advising users to retire and replace the hardware rather than apply mitigations or firmware updates. The associated EPSS score has remained near 0.23 with only minimal fluctuation since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48960
Vulnerability details
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function…
more
webdav_mgr of the file /cgi-bin/webdav_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.