CVE-2024-33112 — OS Command Injection in Dlink Dir-845l Firmware

CWE-78 — OS Command Injection CWE-77 — Command Injection6 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-845l Firmware

Timeline

PublishedMay 6

Description

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dir-845l_firmware1.01krb03

🔴Vulnerability Details

GHSA

GHSA-q9cc-2q3j-jfm7: D-Link DIR-845L router v1↗2024-05-06

▶

CVEList

CVE-2024-33112: D-Link DIR-845L router v1↗2024-05-06

▶

VulnCheck

D-Link DIR-845L HNAP OS Command Injection↗2024

▶

🔍Detection Rules

Suricata

ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)↗2021-11-17

▶