CVE-2024-10914

Nov. 24, 2024, 3:15 p.m.

8.1
High

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Product(s) Impacted

Vendor Product Versions
Dlink
  • Dns-320 Firmware
  • Dns-320
  • Dns-320lw Firmware
  • Dns-320lw
  • Dns-325 Firmware
  • Dns-325
  • Dns-340l Firmware
  • Dns-340l
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-707
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o dlink dns-320_firmware / / / / / / / /
h dlink dns-320 - / / / / / / /
o dlink dns-320lw_firmware / / / / / / / /
h dlink dns-320lw - / / / / / / /
o dlink dns-325_firmware / / / / / / / /
h dlink dns-325 - / / / / / / /
o dlink dns-340l_firmware / / / / / / / /
h dlink dns-340l - / / / / / / /

References

https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07?pvs=4
https://vuldb.com/?ctiid.283309
https://vuldb.com/?id.283309
https://vuldb.com/?submit.432847
https://www.dlink.com/
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/

Tags

CWE-74
cna@vuldb.com
CWE-707
2024-11-06
CVE-2024-10914

CVSS Score

8.1 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Nov. 6, 2024, 2:15 p.m.
Last Modified: Nov. 24, 2024, 3:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

Linked Attack Reports

Mass Scanning and Exploit Campaigns

Trustwave SpiderLabs has identified ongoing malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns. The investigation revealed connections between Proton66 and bulletproof hosting services advertised on underground forums. Mass…
ransomware
vulnerability exploitation
CVE-2024-41713
CVE-2024-10914
CVE-2024-55591
CVE-2025-24472
CVE-2025-0108
superblack
bulletproof hosting
2025-05-16
exploit campaigns
critical vulnerabilities
mass scanning
underground forums
Published: May 16, 2025
Linked vulnerabilities : CVE-2024-41713 (CVSS 7.5), CVE-2024-10914 (CVSS 8.1), CVE-2024-55591 (CVSS 9.8), CVE-2025-24472 (CVSS 8.1), CVE-2025-0108 (CVSS 9.1)
Downloadable IOCs: 22

RondoDox v2: Evolution of RondoDox Botnet with 650% More Exploits

The RondoDox botnet has undergone a significant evolution, expanding its capabilities and target range. This new variant, RondoDox v2, demonstrates a 650% increase in exploitation vectors, moving beyond niche DVR targeting to include enterprise applications. Key features include over 75 exploitatio…
obfuscation
exploit
persistence
ddos
iot
botnet
CVE-2015-2051
enterprise
CVE-2018-10561
CVE-2021-41773
CVE-2024-7029
CVE-2024-10914
CVE-2023-1389
CVE-2017-18368
CVE-2024-12856
CVE-2024-12847
CVE-2025-22905
CVE-2023-26801
CVE-2023-52163
CVE-2025-1829
CVE-2025-4008
CVE-2025-5504
CVE-2024-3721
CVE-2025-34037
rondodox
CVE-2022-44149
2025-11-10
CVE-2019-16920
CVE-2025-7414
CVE-2023-47565
CVE-2016-6277
CVE-2022-37129
CVE-2022-36553
CVE-2014-1635
CVE-2018-11714
CVE-2017-18369
CVE-2020-10987
multi-architecture
CVE-2021-42013
CVE-2023-25280
command-injection
CVE-2023-51833
CVE-2014-6271
CVE-2020-27867
CVE-2020-25506
Published: November 10, 2025
Linked vulnerabilities : CVE-2024-7029 (CVSS 8.8), CVE-2024-10914 (CVSS 8.1), CVE-2024-12856 (CVSS 7.2), CVE-2024-12847 (CVSS 9.8), CVE-2025-22905 (CVSS 9.8), CVE-2023-52163 (CVSS 5.9), CVE-2025-1829 (CVSS 6.3), CVE-2015-2051, CVE-2021-41773, CVE-2017-10271, CVE-2018-10561, CVE-2023-1389, CVE-2017-18368, CVE-2025-4008 (CVSS 9.4), CVE-2025-5504 (CVSS 5.3), CVE-2024-3721, CVE-2025-34037 (CVSS 10.0), CVE-2022-44149, CVE-2022-37129, CVE-2022-36553, CVE-2020-27867, CVE-2018-11714, CVE-2017-18369, CVE-2014-1635, CVE-2025-7414, CVE-2020-25506, CVE-2020-10987, CVE-2023-47565, CVE-2023-25280, CVE-2021-42013, CVE-2014-6271, CVE-2019-16920, CVE-2016-6277, CVE-2023-26801, CVE-2023-51833
Downloadable IOCs: 20

Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities

A new threat actor is distributing the RondoDox malware, a variant of Mirai, targeting IoT devices. The actor uses residential IP addresses for distribution and employs over a dozen exploits to target various IoT vulnerabilities. The malware's first stage is a shell script that attempts to disable …
command injection
iot
botnet
mirai
multi-platform
CVE-2024-10914
CVE-2023-1389
CVE-2025-4008
CVE-2024-3721
CVE-2025-34043
rondodox
CVE-2025-9528
CVE-2013-1599
CVE-2022-36553
CVE-2020-10987
2025-11-26
shell script
residential infrastructure
mirai variant
CVE-2020-9054
CVE-2023-23333
CVE-2014-3206
CVE-2023-41011
CVE-2022-40619
Published: November 26, 2025
Linked vulnerabilities : CVE-2024-4577 (CVSS 9.8), CVE-2024-10914 (CVSS 8.1), CVE-2022-42475, CVE-2017-9841, CVE-2023-23333, CVE-2019-9082, CVE-2023-1389, CVE-2025-31324 (CVSS 10.0), CVE-2025-4008 (CVSS 9.4), CVE-2024-3721, CVE-2025-34043 (CVSS 10.0), CVE-2025-9528 (CVSS 5.1), CVE-2013-1599, CVE-2022-36553, CVE-2020-10987, CVE-2023-41011, CVE-2022-40619, CVE-2022-24847, CVE-2020-8958, CVE-2014-3206, CVE-2023-1381, CVE-2022-22947, CVE-2020-9054
Downloadable IOCs: 26

ShadowV2 Casts a Shadow Over IoT Devices

A new Mirai variant called ShadowV2 has been observed spreading through IoT vulnerabilities during a global AWS disruption. The malware targeted multiple countries and industries worldwide, exploiting vulnerabilities in devices from vendors like DD-WRT, D-Link, Digiever, TBK, and TP-Link. ShadowV2 …
vulnerability
ddos
iot
botnet
mirai
c2
aws
CVE-2024-10914
CVE-2024-10915
CVE-2024-53375
CVE-2023-52163
CVE-2024-3721
shadowv2
CVE-2020-25506
2025-11-27
CVE-2009-2765
CVE-2022-37055
Published: November 27, 2025
Linked vulnerabilities : CVE-2024-10914 (CVSS 8.1), CVE-2024-10915 (CVSS 8.1), CVE-2024-53375 (CVSS 8.0), CVE-2023-52163 (CVSS 5.9), CVE-2024-3721, CVE-2020-25506, CVE-2009-2765, CVE-2022-37055
Downloadable IOCs: 16

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.