CVE-2024-48633

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md	Broken Link
https://www.dlink.com/en/security-bulletin/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-878_firmware:1.30b08:-:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*

History

07 May 2025, 16:06

Type	Values Removed	Values Added
References	~~() https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md -~~	() https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md - Broken Link
References	~~() https://www.dlink.com/en/security-bulletin/ -~~	() https://www.dlink.com/en/security-bulletin/ - Product
First Time		Dlink Dlink dir-882 Firmware Dlink dir-878 Firmware Dlink dir-878 Dlink dir-882
CPE		cpe:2.3:o:dlink:dir-878_firmware:1.30b08:-:::::: cpe:2.3:h:dlink:dir-878:-:::::::* cpe:2.3:h:dlink:dir-882:-:::::::* cpe:2.3:o:dlink:dir-882_firmware:1.30b06:::::::*

Information

Published : 2024-10-17 18:15

Updated : 2025-05-07 16:06

NVD link : CVE-2024-48633

Mitre link : CVE-2024-48633

CVE.ORG link : CVE-2024-48633

JSON object : View

Products Affected

dlink

dir-878
dir-882_firmware
dir-882
dir-878_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-48633", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-10-17T18:15:08.447", "references": [{"url": "https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_40/40.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request."}, {"lang": "es", "value": "Se descubri\u00f3 que DIR_882_FW130B06 y DIR_878 DIR_878_FW130B08 de D-Link contienen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos a trav\u00e9s de los par\u00e1metros ExternalPort, InternalPort, ProtocolNumber y LocalIPAddress en la funci\u00f3n SetVirtualServerSettings. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de una solicitud POST manipulada."}], "lastModified": "2025-05-07T16:06:48.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-882_firmware:1.30b06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECEECA9D-716E-4C4D-A299-F3BA3D0C790B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6ECB8ED-F3A2-4C05-8570-719ECB166B09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-878_firmware:1.30b08:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40DB96AF-1231-4F31-8386-495EAFEB756B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D288C73-F89A-47FF-AF11-143C3DFDF942"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}