TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Exodus Intelligence

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

Exodus Advisories · 2024-01-25

ATT&CK techniques detected

1 prediction
T1190 Exploit Public-Facing Application (89%)

Summary

EIP-13d90c2b

The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

Exodus Intelligence: EIP-13d90c2b
MITRE: CVE-2024-23624

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The affected product is end-of-life ...

Read more: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/