CVE-2024-0769: D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal

First published: Sun Jan 21 2024(Updated: )

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Credit: cna@vuldb.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/mitre-cve
• source/MITRE
• agent/weakness
• agent/references
• agent/description
• agent/type
• agent/title
• agent/first-publish-date
• agent/author
• agent/severity
• collector/epss-latest
• source/FIRST
• agent/epss
• agent/softwarecombine
• agent/tags
• agent/event
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/last-modified-date
• collector/bleeping-computer
• source/BleepingComputer
• alias/CVE-2024-0769
• vendor/dlink
• canonical/dlink dir-859 firmware
• version/dlink dir-859 firmware/1.06-beta1
• canonical/dlink dir-859