CVE-2024-7357 — OS Command Injection in D-link Dir-600

CWE-78 — OS Command Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.8%

top 26.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-600 Firmware D-link Dir-600

Timeline

PublishedAug 1

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDdlink/dir-600_firmware2.18

▶CVEListV5d-link/dir-60019 versions+18

🔴Vulnerability Details

CVEList

D-Link DIR-600 soap.cgi soapcgi_main os command injection↗2024-08-01

▶

GHSA

GHSA-xpp7-8hj9-vwrw: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2↗2024-08-01

▶