PoC-CVE-2024-10914
by GYATT - Saturday November 16, 2024 at 08:59 PM
#11
yeah looking awesome ! if its works
Ban reason: Leeching. (Permanent)
Reply
#12
[cita="GYATT" pid='928360' dateline='1731790795']
Saludos y saludos, comunidad de Breachforums.

Hoy traigo a la mesa una 'vulnerabilidad crítica de inyección de comandos en dispositivos NAS de D-Link'

Descripción:

CVE-2024-10914 es una vulnerabilidad crítica de inyección de comandos que afecta a los dispositivos de almacenamiento conectado a red (NAS) de D-Link. Esta falla, con una puntuación CVSS de 9,2, permite a atacantes no autenticados ejecutar comandos de shell arbitrarios aprovechando una validación de entrada incorrecta en el comando cgi_user_add. La vulnerabilidad se puede activar de forma remota mediante una solicitud HTTP GET especialmente diseñada, lo que la hace muy explotable.


Enlace al verificador en Github, responda a continuación para obtener acceso si es un miembro no actualizado.

[/cita]
yokis
Ban reason: This is an English only forum. (Permanent)
Reply
#13
I am very curious on what exactly this would be. thank you! Big Grin Big Grin
Reply
#14
Thanks pity we wont be getting more.
Reply
#15
pretty new lets see how it works
Reply
#16
(11-16-2024, 08:59 PM)GYATT Wrote: Greetings & Salutations, Breachforums community.

Today I am bringing to the table a 'Critical Command Injection Vulnerability in D-Link NAS Devices'

Description:

CVE-2024-10914 is a critical command injection vulnerability affecting legacy D-Link Network Attached Storage (NAS) devices. This flaw, with a CVSS score of 9.2, allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input validation in the cgi_user_add command.  The vulnerability can be triggered remotely using a specially crafted HTTP GET request, making it highly exploitable.


Link to checker on Github, reply below to get access if you are an un-upgraded member.

Thank you brother
Reply
#17
Nice thanks i hope we will see you more
Reply
#18
Thanks for sharing
Reply
#19
Thanks! This sounds interesting,
Reply
#20
Checking it out. Nice exploit thx
Ban reason: Leeching | http://raiddfzn73ir6iyxlf7nwytnujiflddog...an-Appeals if you feel this is incorrect. (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  new wordpress website takeover vuln (video + poc ) zinzeur 312 27,291 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,210 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,097 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 79 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 810 02-07-2026, 08:53 AM
Last Post: hacker0123



 Users browsing this thread: 1 Guest(s)