Details of VAR-202410-1794

ID

VAR-202410-1794

CVE

CVE-2024-48633

TITLE

D-Link Systems, Inc. of DIR-882 firmware and DIR-878 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-023485

DESCRIPTION

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link Systems, Inc. of DIR-882 firmware and DIR-878 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router

Trust: 2.16

sources: NVD: CVE-2024-48633 // JVNDB: JVNDB-2024-023485 // CNVD: CNVD-2024-41699

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41699

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-882	scope:	eq	version:	1.30b06	Trust: 1.0
vendor:	dlink	model:	dir-878	scope:	eq	version:	1.30b08	Trust: 1.0
vendor:	d link	model:	dir-882	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-878	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-882 fw130b06	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-878 fw130b08	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-48633
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-023485
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-41699
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-41699
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-48633
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-023485
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

EXTERNAL IDS

db:	NVD	id:	CVE-2024-48633	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-023485	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41699	Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.8
url:	https://github.com/pjqwudi1/my_vuln/blob/main/d-link4/vuln_40/40.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-48633	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2024-48633/	Trust: 0.6

sources: CNVD: CNVD-2024-41699 // JVNDB: JVNDB-2024-023485 // NVD: CVE-2024-48633

SOURCES

db:	CNVD	id:	CNVD-2024-41699
db:	JVNDB	id:	JVNDB-2024-023485
db:	NVD	id:	CVE-2024-48633

LAST UPDATE DATE

2025-05-09T23:23:48.054000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41699	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-023485	date:	2025-05-08T04:42:00
db:	NVD	id:	CVE-2024-48633	date:	2025-05-07T16:06:48.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41699	date:	2024-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-023485	date:	2025-05-08T00:00:00
db:	NVD	id:	CVE-2024-48633	date:	2024-10-17T18:15:08.447