Exploit for #VU100213 OS Command Injection in D-Link products

Published: 2024-11-11 | Updated: 2025-02-21

Vulnerability identifier: #VU100213

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-10914

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 8

February 21, 2025
- CVE-2024-10914-Exploit (CVE-2024-10914 Shell Exploit) [Github]
December 27, 2024
- CVE-2024-10914 (A PoC exploit for CVE-2024-10914 - D-Link Remote Code Execution (RCE)) [Github]
December 13, 2024
- D-Link [Github]
December 6, 2024
- CVE-2024-10914-Exploit (CVE-2024-10914 is a critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The function cgi_user_add in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add is the culprit, allow [Github]
November 29, 2024
- CVE-2024-10914-EXPLOIT (A PoC exploit for CVE-2024-10914 - D-Link Remote Code Execution (RCE)) [Github]
November 22, 2024
- CVE-2024-10914 [Github]
November 15, 2024
- CVE-2024-10914 (Exploit for cve-2024-10914: D-Link DNS-320, DNS-320LW, DNS-325, DNS-340L Version 1.00, Version 1.01.0914.2012, Version 1.01, Version 1.02, Version 1.08 Command Injection) [Github]
November 11, 2024
- Command Injection Vulnerability in name parameter for D-Link NAS [Custom exploits]

Vulnerable software:
D-Link DNS-320
Hardware solutions / Firmware
D-Link DNS-320LW
Hardware solutions / Office equipment, IP-phones, print servers
D-Link DNS-325
Hardware solutions / Routers for home users
D-Link DNS-340L
Hardware solutions / Routers for home users

Vendor: D-Link