11-16-2024, 08:59 PM
Greetings & Salutations, Breachforums community.
Today I am bringing to the table a 'Critical Command Injection Vulnerability in D-Link NAS Devices'
Description:
CVE-2024-10914 is a critical command injection vulnerability affecting legacy D-Link Network Attached Storage (NAS) devices. This flaw, with a CVSS score of 9.2, allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input validation in the cgi_user_add command. The vulnerability can be triggered remotely using a specially crafted HTTP GET request, making it highly exploitable.
Link to checker on Github, reply below to get access if you are an un-upgraded member.
Today I am bringing to the table a 'Critical Command Injection Vulnerability in D-Link NAS Devices'
Description:
CVE-2024-10914 is a critical command injection vulnerability affecting legacy D-Link Network Attached Storage (NAS) devices. This flaw, with a CVSS score of 9.2, allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input validation in the cgi_user_add command. The vulnerability can be triggered remotely using a specially crafted HTTP GET request, making it highly exploitable.
Link to checker on Github, reply below to get access if you are an un-upgraded member.
Ban reason: Threatening forum members (Permanent)
