CVE-2024-24321
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
08/02/2024
Last modified:
20/06/2025
Description
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dir-816a2.com
- https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md
- https://www.dlink.com/
- https://www.dlink.com/en/security-bulletin/
- http://dir-816a2.com
- https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md
- https://www.dlink.com/
- https://www.dlink.com/en/security-bulletin/