CVE-2024-51186

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Nov 11, 2024 / Updated: 8d ago

CVSS 8 (High) / EPSS 0.05%

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-51186
Nov 11, 2024 at 8:15 PM

First Article
Feedly found the first article mentioning CVE-2024-51186.
Nov 11, 2024 at 8:24 PM / National Vulnerability Database

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.8%)
Nov 12, 2024 at 9:54 AM

CVSS
A CVSS base score of 8 has been assigned.
Nov 12, 2024 at 7:40 PM / nvd

Affected Systems

D-link/dir-820l_firmware

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-51186
High Severity. Description: D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Read more at https://www.tenable.com/cve/CVE-2024-51186
CVE-2024-51186 - D-Link DIR-820L Remote Code Execution
CVE ID: CVE-2024-51186. Published: Nov. 11, 2024, 8:15 p.m. Description: D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Severity: 0.0 NA
CVE-2024-51186 | D-Link DIR-820L 1.05b03 ping_v4/ping_v6 ping_addr Privilege Escalation
A vulnerability, which was classified as critical, has been found in D-Link DIR-820L 1.05b03. Affected by this issue is the function ping_v4/ping_v6. The manipulation of the argument ping_addr leads to Privilege Escalation. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-51186. The attack may be launched remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
