Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-29385

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Mar, 2024 | 00:00
Updated At-23 Aug, 2024 | 19:31
Rejected At-
Credits

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Mar, 2024 | 00:00
Updated At:23 Aug, 2024 | 19:31
Rejected At:
▼CVE Numbering Authority (CNA)

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
N/A
https://github.com/songah119/Report/blob/main/CI-1.md
N/A
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource: N/A
Hyperlink: https://github.com/songah119/Report/blob/main/CI-1.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
x_transferred
https://github.com/songah119/Report/blob/main/CI-1.md
x_transferred
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource:
x_transferred
Hyperlink: https://github.com/songah119/Report/blob/main/CI-1.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
D-Link Corporationdlink
Product
dir-845l_firmware
CPEs
  • cpe:2.3:o:dlink:dir-845l_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.01KRb03 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Mar, 2024 | 17:15
Updated At:17 Jun, 2025 | 14:09

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
D-Link Corporation
dlink
>>dir-845l_firmware>>Versions up to 1.01krb03(inclusive)
cpe:2.3:o:dlink:dir-845l_firmware:*:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-845l>>-
cpe:2.3:h:dlink:dir-845l:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-77
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/songah119/Report/blob/main/CI-1.mdcve@mitre.org
Exploit
Third Party Advisory
https://www.dlink.com/en/security-bulletin/cve@mitre.org
Product
https://github.com/songah119/Report/blob/main/CI-1.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.dlink.com/en/security-bulletin/af854a3a-2127-422b-91ae-364da2661108
Product
Hyperlink: https://github.com/songah119/Report/blob/main/CI-1.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/songah119/Report/blob/main/CI-1.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

214Records found
CVE-2023-43206
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-1.61% / 81.41%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dwl-6610apdwl-6610ap_firmwaren/adwl-6610ap_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-36523
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.14% / 89.63%
||
7 Day CHG~0.00%
Published-15 Aug, 2022 | 16:30
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-go-rt-ac750go-rt-ac750_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-37125
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.88% / 95.62%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 21:42
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-44335
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.12% / 77.86%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-09 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adi-7400g\+v2_firmwaredi-7003gv2_firmwaredi-7200gv2_firmwaredi-7100gv2_firmwaredi-7100g\+v2_firmwaredi-7003g_firmwaredi-7200g\+v2_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-44402
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 84.80%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 00:00
Updated-10 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8100gdi-8100g_firmwaren/adi-8100g
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-34974
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.31% / 95.67%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 14:06
Updated-03 Nov, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-810l_firmwaredir-810ln/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-14884
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.66% / 70.47%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 17:02
Updated-07 Jan, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-605 Firmware Update Service command injection

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-605_firmwaredir-605DIR-605
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-14225
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.58%
||
7 Day CHG-0.02%
Published-08 Dec, 2025 | 09:02
Updated-11 Dec, 2025 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-930L alphapd setSystemAdmin command injection

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-930ldcs-930l_firmwareDCS-930L
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-13562
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 61.25%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 18:02
Updated-26 Nov, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-852 gena.cgi command injection

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-852dir-852_firmwareDIR-852
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-11092
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.13%
||
7 Day CHG~0.00%
Published-28 Sep, 2025 | 02:02
Updated-02 Oct, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-823X set_switch_settings sub_412E7C command injection

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-823x_firmwaredir-823xDIR-823X
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-47460
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9||CRITICAL
EPSS-1.67% / 81.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 22:46
Updated-09 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10arubaosinstant
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-15180
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-3.08% / 86.45%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 19:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

Action-Not Available
Vendor-galeraclusterperconan/aMariaDB FoundationDebian GNU/Linux
Product-xtradb_clustergalera_cluster_for_mysqldebian_linuxmariadbmariadb
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-45025
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9||CRITICAL
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 16:05
Updated-16 Jun, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero, QuTScloud

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqutscloudqtsQTSQuTScloudQuTS hero
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23369
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9||CRITICAL
EPSS-11.81% / 93.54%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 16:34
Updated-27 Feb, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, Multimedia Console, and Media Streaming add-on

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-multimedia_consoleqtsmedia_streaming_add-onQTSMedia Streaming add-onMultimedia Console
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found