Exploit
CVE-2024-8132

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Aug 24, 2024 / Updated: 2mo ago

CVSS 5.3 / EPSS 0.04% / Medium

Summary

A critical vulnerability has been discovered in multiple D-Link Network Attached Storage (NAS) devices. The vulnerability affects the webdav_mgr function in the /cgi-bin/webdav_mgr.cgi file, which is part of the HTTP POST Request Handler. By manipulating the f_path argument, an attacker can execute arbitrary commands on the affected systems. This vulnerability can be exploited remotely and does not require user interaction or special privileges. The affected devices include D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It's important to note that this vulnerability only affects products that are no longer supported by the maintainer and have been confirmed by the vendor to be end-of-life.

Impact

The impact of this vulnerability is severe. An attacker who successfully exploits this vulnerability can gain full control over the affected D-Link NAS devices. This could lead to:

1. Unauthorized access to sensitive data stored on the NAS
2. Modification or deletion of files
3. Use of the compromised device as a foothold for further network intrusion
4. Potential disruption of services provided by the NAS

The CVSS v3.1 base score of 9.8 (Critical) indicates that this vulnerability has a high impact on the confidentiality, integrity, and availability of the affected systems.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

According to the information provided, a patch is available. D-Link has published information about this vulnerability on their support announcement page:

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383

However, it's important to note that this vulnerability affects products that are no longer supported by D-Link. The vendor has confirmed that these products are end-of-life.

Mitigation

Given that the affected products are end-of-life and no longer supported by D-Link, the primary mitigation recommendation is to retire and replace these devices. In the meantime, if immediate replacement is not possible, consider the following mitigation steps:

1. Isolate affected NAS devices from the internet and restrict network access to them.
2. Implement strong network segmentation to limit potential lateral movement if a device is compromised.
3. Monitor these devices closely for any signs of suspicious activity.
4. Regularly back up data stored on these devices to a secure, unaffected system.
5. If possible, disable the vulnerable WebDAV functionality.
6. Plan for immediate replacement of these end-of-life devices with current, supported models that receive regular security updates.
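A detection example for the monitoring step above, added here and not taken from the advisory, D-Link, or the linked proof of concept: it flags POST requests to /cgi-bin/webdav_mgr.cgi whose f_path value contains shell metacharacters after URL decoding. The log line layout, the form-encoded body, the `other` parameter and every sample value are constructed assumptions; adapt the parsing to whatever your proxy or reverse proxy actually records.

```python
import re
from urllib.parse import parse_qs, unquote

CGI_PATH = "/cgi-bin/webdav_mgr.cgi"  # endpoint named in the advisory
PARAM = "f_path"                      # argument named in the advisory

# Characters a shell treats specially; a plain share path needs none of them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")

# Constructed sample log: "<timestamp> <source> <method> <uri> <body>" (assumed layout).
SAMPLE_LOG = """\
2024-09-01T10:02:11Z 192.0.2.10 POST /cgi-bin/webdav_mgr.cgi other=1&f_path=%2Fshare%2Fdocs
2024-09-01T10:05:43Z 198.51.100.7 POST /cgi-bin/webdav_mgr.cgi other=1&f_path=%2Fshare%2Fdocs%3Bid
2024-09-01T10:06:02Z 198.51.100.7 POST /cgi-bin/webdav_mgr.cgi other=1&f_path=%252Fshare%2560uname%2560
2024-09-01T10:07:00Z 192.0.2.10 GET /cgi-bin/webdav_mgr.cgi -
2024-09-01T10:08:00Z 203.0.113.5 POST /cgi-bin/other.cgi f_path=%3Bid
"""

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (timestamp, source, decoded f_path) for each request worth triaging."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # malformed or truncated record
        ts, src, method, uri, body = parts
        if method != "POST" or uri.split("?", 1)[0] != CGI_PATH:
            continue
        # parse_qs performs the first round of URL decoding.
        for raw in parse_qs(body, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if SHELL_META.search(value):
                hits.append((ts, src, value))
                break
    return hits

if __name__ == "__main__":
    for ts, src, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {src} suspicious {PARAM}: {value!r}")
```

Because the devices are end-of-life, any hit on an internet-reachable unit should be treated as grounds to isolate and inspect it rather than as a routine alert.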

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-8132.

Aug 24, 2024 at 6:15 PM / CVE

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 24, 2024 at 6:15 PM

CVSS

A CVSS base score of 9.8 has been assigned.

Oct 28, 2024 at 9:23 PM / nvd

Affected Systems

Dlink/dnr-326_firmware

Exploits

https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_webdav_mgr.md

Patches

supportannouncement.us.dlink.com

Attack Patterns

CAPEC-136: LDAP Injection

News

Update Fri Sep 27 06:35:53 UTC 2024
CVE-2024-8132 Exploit
CVE Id : CVE-2024-8132 Published Date: 2024-08-27T15:35:00+00:00 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function webdav_mgr of the file /cgi-bin/webdav_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-8132
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. It has been classified as critical.
NA - CVE-2024-8132 - A vulnerability was found in D-Link DNS-120,...
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,...
CVE-2024-8132
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Severity 3.1 (CVSS 3.1 Base Score)

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
