CVE-2024-44400

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
39.9%
top 2.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Di-8400 Firmware
Timeline
PublishedSep 4

Description

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDdlink/di-8400_firmware16.07.26a1

🔴Vulnerability Details

2
CVEList
CVE-2024-44400: A vulnerability was discovered in DI_8400-162024-09-04
GHSA
GHSA-xh53-849p-cfvq: D-Link DI-8400 162024-09-04
CVE-2024-44400 (CRITICAL CVSS 9.8) | A vulnerability was discovered in D | cvebase.io