Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-33113

CWE-77 ā€” Command InjectionCWE-79 ā€” Cross-site Scripting (XSS)5 documents5 sources
Severity
5.3MEDIUM
EPSS
52.9%
top 2.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dir-845l Firmware
Timeline
PublishedMay 6
Latest updateOct 18

Description

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

ā–¶NVDdlink/dir-845l_firmware1.01krb03

šŸ”“Vulnerability Details

2
CVEList
CVE-2024-33113: D-LINK DIR-845L <=v1ā†—2024-05-06
ā–¶
GHSA
GHSA-vf5w-x6g7-5c7q: D-LINK DIR-845L <=v1ā†—2024-05-06
ā–¶

šŸ’„Exploits & PoCs

1
Nuclei
D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure
ā–¶

šŸ”Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-LINK DIR-845L Information Disclosure Attempt (CVE-2024-33113)ā†—2024-10-18
ā–¶
CVE-2024-33113 (MEDIUM CVSS 5.3) | D-LINK DIR-845L <=v1.01KRb03 is vul | cvebase.io