CVE-2024-7715 Information
Description
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
Reference
https://vuldb.com/?id.274281
https://vuldb.com/?ctiid.274281
https://vuldb.com/?submit.389261
https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383