In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 23-24, 2024.
During this period, the National Vulnerability Database published 120 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 3
High: 30
Medium: 48
Low: 2
Severity Not Assigned: 37
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4978
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
References: https://twitter.com/2RunJack2/status/1775052981966377148
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-4662
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges.
References: https://oxygenbuilder.com/oxygen-4-8-3-now-available-security-update/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4347
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment.
References: https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-2038
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.
References: https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/tags/3.18/inc/wpf_api.php
https://plugins.trac.wordpress.org/changeset?old=3076514&old_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php&new=3090249&new_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/29532f4d-e830-4c99-ad77-076eebbbe98d?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-4835
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.8
Description: An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
References: https://gitlab.com/gitlab-org/gitlab/-/issues/461328
https://hackerone.com/reports/2497024
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-30279
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-30280
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References: https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-35186
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.
References: https://github.com/Byron/gitoxide/security/advisories/GHSA-7w47-3wg8-547c
CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-4779
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3090199/unlimited-elements-for-elementor/trunk/provider/functions_wordpress.class.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/b155f8ca-9d09-47d7-a7c2-7744df029c19?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-26139
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
References: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9
CWE-ID: CWE-284 CWE-657
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-34060
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.
References: https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca
https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-35224
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions "Edit work packages" as well as "Add attachments". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.
References: https://community.openproject.org/projects/openproject/work_packages/55198/relations
https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc
CWE-ID: CWE-80
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-4471
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/libs/demo-export/classes/class-demo-export-admin.php#L86
https://plugins.trac.wordpress.org/changeset/3090127/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c517278-9d2a-4ef6-bf0e-a62f6b00dd20?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-5168
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-5084
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764
https://plugins.trac.wordpress.org/changeset/3090341/
https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-5085
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormEntry.php#L353
https://plugins.trac.wordpress.org/changeset/3090341/
https://www.wordfence.com/threat-intel/vulnerabilities/id/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-5201
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privileges to those of another user via an HTTP request.
References: https://portal.microfocus.com/s/article/KM000029985
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-5202
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via web services.
References: https://portal.microfocus.com/s/article/KM000029988
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-5227
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.
The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-499/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-5228
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-500/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-5242
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-501/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-5243
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-502/
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-5245
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.
References: https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
https://www.zerodayinitiative.com/advisories/ZDI-24-496/
CWE-ID: CWE-1392
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-5246
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.
References: https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
https://www.zerodayinitiative.com/advisories/ZDI-24-497/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-5247
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923.
References: https://kb.netgear.com/000066165/Security-Advisory-for-Missing-Function-Level-Access-Control-on-the-NMS300-PSV-2024-0005
https://www.zerodayinitiative.com/advisories/ZDI-24-498/
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-5291
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-442/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-5292
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-443/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-5293
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-444/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-5295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-446/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-5296
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-447/
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-5297
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the executeWmicCmd method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21821.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-448/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-5298
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the queryDeviceCustomMonitorResult method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21842.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-449/
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-5299
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-450/
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found
References: https://plugins.trac.wordpress.org/changeset/3090199/unlimited-elements-for-elementor/trunk/provider/functions_wordpress.class.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/b155f8ca-9d09-47d7-a7c2-7744df029c19?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-26139
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
References: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9
CWE-ID: CWE-284 CWE-657
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-34060
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.
References: https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca
https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-35224
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions "Edit work packages" as well as "Add attachments". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store javascript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2.
References: https://community.openproject.org/projects/openproject/work_packages/55198/relations
https://github.com/opf/openproject/security/advisories/GHSA-h26c-j8wg-frjc
CWE-ID: CWE-80
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-4471
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/libs/demo-export/classes/class-demo-export-admin.php#L86
https://plugins.trac.wordpress.org/changeset/3090127/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c517278-9d2a-4ef6-bf0e-a62f6b00dd20?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-5168
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-5084
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764
https://plugins.trac.wordpress.org/changeset/3090341/
https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-5085
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormEntry.php#L353
https://plugins.trac.wordpress.org/changeset/3090341/
https://www.wordfence.com/threat-intel/vulnerabilities/id/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-5201
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP request.
References: https://portal.microfocus.com/s/article/KM000029985
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-5202
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via web services.
References: https://portal.microfocus.com/s/article/KM000029988
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-5227
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.
The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-499/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-5228
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-500/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-5242
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-501/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-5243
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-502/
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-5245
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.
References: https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
https://www.zerodayinitiative.com/advisories/ZDI-24-496/
CWE-ID: CWE-1392
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-5246
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.
References: https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004
https://www.zerodayinitiative.com/advisories/ZDI-24-497/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-5247
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923.
References: https://kb.netgear.com/000066165/Security-Advisory-for-Missing-Function-Level-Access-Control-on-the-NMS300-PSV-2024-0005
https://www.zerodayinitiative.com/advisories/ZDI-24-498/
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-5291
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-442/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-5292
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-443/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-5293
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-444/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-5295
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-446/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-5296
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-447/
CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-5297
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the executeWmicCmd method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21821.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-448/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-5298
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the queryDeviceCustomMonitorResult method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21842.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-449/
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-5299
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-450/
CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found