CVE-2024-48632
published 2024-10-17CVE-2024-48632: D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts…
high8CVSS 3.1
AVAACLPRLUINSUCHIHAH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-878_firmware | — | — |
| dlink | dir-882_firmware | — | — |