CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44333
https://notcve.org/view.php?id=CVE-2024-44333
09 Sep 2024 — D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp. • https://gist.github.com/Swind1er/c8656b32058e28e64f92d100c92ca12c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44335
https://notcve.org/view.php?id=CVE-2024-44335
09 Sep 2024 — D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. • https://gist.github.com/Swind1er/029fb2a9dab916f926fab40cc059223f • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44334
https://notcve.org/view.php?id=CVE-2024-44334
09 Sep 2024 — D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp. • https://gist.github.com/Swind1er/563789899a7a4b9c261045a15efea952 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •