CVE-2024-33112

high

Description

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.

References

Exploits
More

https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/

https://hackread.com/ficora-capsaicin-botnet-d-link-router-flaws-ddos-attacks/

https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html

https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities

https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md

https://github.com/yj94/Yj_learning/blob/b597925953d8bbb286a63f0019bb547c1617cb61/Week16/D-LINK-POC.md

Details

Source: Mitre, NVD

Published: 2024-05-06

Updated: 2025-05-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.11811