CRITICAL🇵🇱 Wersja polska

CVE-2024-23624

CVSS 9.6v3.1pub. 2024-01-26upd. 2024-11-21

A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Dlink Dap 1650

    HW
    Dlink
    wszystkie wersje
  • Dlink Dap 1650 Firmware

    OS
    Dlink
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-40505CRITICAL9.3PL ✓ten sam produkt

Path Traversal w D-Link DAP-1650 umożliwiający eskalację uprawnień

CVE-2024-23625CRITICAL9.6PL ✓ten sam produkt

Command injection w D-Link DAP-1650 przez wiadomości UPnP SUBSCRIBE

CVE-2022-36588CRITICAL9.8ten sam produkt

In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerabili...

CVE-2019-12768CRITICAL9.8ten sam produkt

An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can...

CVE-2019-12767CRITICAL9.8ten sam produkt

An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrar...