Vulnerability Details CVE-2024-48635
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2024-48635
-
cpe:2.3:h:dlink:dir-878:-
-
cpe:2.3:h:dlink:dir-882:-
-
cpe:2.3:o:dlink:dir-878_firmware:1.30b08
-
cpe:2.3:o:dlink:dir-882_firmware:1.30b06