CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-23624

A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.1

EPSS Ranking 92.7%

CVSS Severity

CVSS v3 Score 9.6

CVSS v2 Score 8.3

References

https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/
https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/

Products affected by CVE-2024-23624

Dlink » Dap-1650 » Version: N/A

cpe:2.3:h:dlink:dap-1650:-
Dlink » Dap-1650 Firmware » Version: N/A

cpe:2.3:o:dlink:dap-1650_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23624

Products

Pricing

Contact Us