ID

VAR-202410-1794


CVE

CVE-2024-48633


TITLE

OS command injection vulnerability in D-Link Systems, Inc. DIR-882 and DIR-878 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-023485

DESCRIPTION

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. DIR-882 and DIR-878 firmware contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.

Trust: 2.16

sources: NVD: CVE-2024-48633 // JVNDB: JVNDB-2024-023485 // CNVD: CNVD-2024-41699

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41699

AFFECTED PRODUCTS

vendor: dlink, model: dir-882, scope: eq, version: 1.30b06

Trust: 1.0

vendor: dlink, model: dir-878, scope: eq, version: 1.30b08

Trust: 1.0

vendor: d link, model: dir-882, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-878, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-882 fw130b06, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-878 fw130b08, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-48633
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-023485
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-41699
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-41699
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-48633
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-023485
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

EXTERNAL IDS

db: NVD, id: CVE-2024-48633

Trust: 3.2

db: JVNDB, id: JVNDB-2024-023485

Trust: 0.8

db: CNVD, id: CNVD-2024-41699

Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

REFERENCES

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url:https://github.com/pjqwudi1/my_vuln/blob/main/d-link4/vuln_40/40.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-48633

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-48633/

Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

SOURCES

db: CNVD, id: CNVD-2024-41699
db: JVNDB, id: JVNDB-2024-023485
db: NVD, id: CVE-2024-48633

LAST UPDATE DATE

2025-05-09T23:23:48.054000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41699, date: 2024-10-25T00:00:00
db: JVNDB, id: JVNDB-2024-023485, date: 2025-05-08T04:42:00
db: NVD, id: CVE-2024-48633, date: 2025-05-07T16:06:48.313

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41699, date: 2024-10-25T00:00:00
db: JVNDB, id: JVNDB-2024-023485, date: 2025-05-08T00:00:00
db: NVD, id: CVE-2024-48633, date: 2024-10-17T18:15:08.447