D-Link DI-8100 16.07: Command Injection via msp_info.htm cmd
CVE-2024-7436 Published on August 3, 2024
D-Link DI-8100 msp_info.htm msp_info_htm command injection
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2024-7436 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2024-7436
Want to know whenever a new CVE is published for D-Link Di 8100 Firmware? stack.watch will email you.
Affected Versions
D-Link DI-8100:- Version 16.07 is affected.
- Version 16.07 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.