CVE-2024-48633: Command Injection
First published: Thu Oct 17 2024(Updated: )
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-882 Firmware | ||
| D-Link DIR-878 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-48633?
CVE-2024-48633 is rated as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-48633?
To mitigate CVE-2024-48633, update to the latest firmware versions for D-Link DIR-882 and DIR-878 provided by D-Link.
What are the affected products of CVE-2024-48633?
The affected products of CVE-2024-48633 include D-Link DIR-882 and DIR-878 routers.
What type of vulnerability is CVE-2024-48633?
CVE-2024-48633 is classified as a command injection vulnerability.
What parameters are involved in CVE-2024-48633?
CVE-2024-48633 involves command injection through the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/d-link
- canonical/d-link dir-882 firmware
- canonical/d-link dir-878