CVE-2024-8127

Published Aug 24, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description: A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
Source: cna@vuldb.com
NVD status: Analyzed
CNA Tags: unsupported-when-assigned

Risk scores

CVSS 4.0

Type: Secondary
Base score: 5.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Secondary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78
cna@vuldb.com: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2C1EF70-AD9B-48D7-8DF6-A6416C517F12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E691E775-382C-4BA9-AA44-FBC3148D3E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42DA6DEB-3578-44A5-916F-1628141F0DDE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D042C75D-6731-46B2-B11E-A009B9029B3F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CAFE1E3-B705-4CF1-AEB9-A474432B6D34"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D5D08ED7-3E7F-4D30-890E-6535F6C34682"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A74D270-9076-474D-A06F-C915FCEA2164"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "75E5010F-21BA-4B6B-B00C-2688268FD67B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12C5E2D7-018E-4ED1-92C7-B5B1D8CC6990"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7E56821-7EA0-4CA1-BA17-7FD4ED9F794C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD656642-EDD4-4EB2-81AB-04207BC14196"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F968791D-D3BD-442C-818E-4E878B12776D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39FF9666-8493-4A36-A199-1190AD8FAF3D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0646B20C-5642-4CEA-A96C-7E82AD94A281"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "816E5F34-CE76-49E5-91F3-8CC84C561558"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "33CB308B-CF82-4E40-B2DC-23EBD48CD130"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "172D5EFF-E0DF-4A99-8499-71450A46A86C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB305B29-7F89-4A52-9ECF-3DB0BDD2350D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E6F048-D865-4378-87C7-B0E528134276"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D26F4F77-A6E3-4D7D-A781-BEB5FF7BC44F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16954393-3449-438A-978C-265EE3A35FF8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8042169D-D9FA-4BD6-90D1-E0DE269E42B9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "641CB5F1-3DE0-480B-95A4-FC42A8FF3C97"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "94ED678A-AB4C-4637-B0D8-C232A0BB5D5F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3AD5EE-8E1E-4336-A1AB-AB028CC71286"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DAF62A4-2429-4B89-8FAD-8B23EF15E050"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC28053F-88A9-4CA1-A2A2-CC90FEEA68FC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A278BC9-6197-43D9-93C2-3DF760856FB7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FE78C5B-2A98-47EE-BF67-CF58AFE50A37"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45467ABC-BAA9-4EB0-9F97-92E31854CA8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4599D769-0210-4D49-9896-9AD1376A037E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C677E53-6885-4EC4-A7CC-E24E8F445F59"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4452F9A4-3A0A-4773-9818-04C94CF9F8E7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8CFCD7B-EFFB-4FAB-9537-46AC7B567126"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03C5CED7-55A7-4026-95CD-A2ADB5853823"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96195649-172A-4C21-AA15-7B05F86C5CEC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "07A92F2C-16FD-4A53-8066-83FEC2818DF5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C44BE2C6-BF3E-43C3-B32F-2DCE756F94BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E161E54-2FE9-4359-9B2D-8700D00DE8E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 4.0

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References