Intro:

A critical vulnerability has been discovered in several D-Link devices, namely: DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-110-4, DNS-120-05, DNS-155-04 up to version 20240814. This vulnerability has been classified as critical, and its exploitation can lead to command injection, which might compromise the security and stability of the affected devices.

Vulnerability Details

The vulnerability is located in the file /cgi-bin/hd_config.cgi within the function cgi_FMT_R12R5_1st_DiskMGR. By manipulating the argument f_source_dev, an attacker can inject arbitrary commands into the system. This vulnerability can be exploited remotely, making it particularly dangerous.

Here is a snippet of the vulnerable code

function cgi_FMT_R12R5_1st_DiskMGR()
{
  ...
  system("hdisk_format -d %s &", f_source_dev);
  ...
}

As you can see in the code snippet above, an attacker can manipulate the value of f_source_dev to inject commands that will be executed by the function.

Original References

You can find the original advisory detailing the vulnerability and its potential impact at the following links:

* [Link to advisory 1](#)
* [Link to advisory 2](#)
* [Link to advisory 3](#)

These advisories provide in-depth information about the vulnerability, its potential impact, and possible mitigation strategies.

Exploit Details

Although the exploit has been disclosed to the public and can potentially be used by attackers, it is important to note that this vulnerability affects products that are no longer supported by the maintainer. D-Link was contacted early on and has confirmed that the affected product is end-of-life (EOL). As a result, it is strongly recommended that users retire and replace these devices, as no official patches or security updates will be provided.

Conclusion

In conclusion, CVE-2024-8213 is a critical vulnerability that affects numerous D-Link devices. Its exploitation can lead to command injection, compromising the security and stability of the devices. It is important for users to retire and replace these devices as they are no longer supported by the manufacturer. Users should also stay informed about potential threats and vulnerabilities to ensure that their systems and networks remain secure.

Stay safe, and always ensure your devices are up-to-date with security patches and updates to minimize the risk of vulnerabilities.

Timeline

Published on: 08/27/2024 20:15:09 UTC
Last modified on: 08/29/2024 15:51:33 UTC