What is CVE-2024-10914?

A critical command injection vulnerability exists in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L firmware. Organizations must prioritize remediation to prevent remote exploitation.

What is the severity of CVE-2024-10914?

CVE-2024-10914 has a severity rating of CRITICAL with a CVSS base score of 9.2.

CVE-2024-10914 | Critical Vulnerability in D-Link DNS Products

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L firmware up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to OS command injection. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation appears to be difficult. Given the critical nature of this vulnerability, organizations should prioritize patching immediately.

This vulnerability allows attackers to exploit affected devices via remote command injection, potentially leading to unauthorized access and control over the device. The risk to organizations includes data exposure and potential disruption of services. As the vulnerability has been made public, it may invite active exploitation by malicious actors.

Organizations using D-Link products should assess their exposure and implement necessary updates or mitigations to secure their devices against potential threats. The urgency for defenders is high, given the critical nature of this vulnerability.

In light of this vulnerability's critical nature and public disclosure, immediate action is required to mitigate risks associated with potential exploitation. Regular monitoring and prompt updates to firmware are essential for maintaining security.

Vulnerability Details

The vulnerability is classified as a command injection vulnerability, with a CVSS score of 9.2, indicating critical severity. The affected products include D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L firmware versions up to the specified date.

The vulnerability was published on November 6, 2024, and it falls under the following CWE classifications: CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and CWE-707 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).

Technical Analysis

The root cause of this vulnerability stems from inadequate input validation within the cgi_user_add function, allowing for the manipulation of the 'name' argument. The attack vector is NETWORK-based, and the attack complexity is classified as HIGH. No privileges are required for an attacker, and user interaction is not necessary. The vulnerability impacts confidentiality, integrity, and availability, all rated HIGH.

Risk & Impact Analysis

The deployment of vulnerable D-Link devices poses significant risks to organizations, particularly due to the potential for unauthorized access and data manipulation. The blast radius can extend across networks where these devices are deployed, making it paramount for organizations to address this vulnerability urgently. With a CVSS score of 9.2, the urgency assessment is critical.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L firmware versions prior to 20241028.

Mitigation & Remediation

To mitigate the risks associated with this vulnerability, organizations should immediately update affected devices to the latest firmware version provided by D-Link. If a patch is not available, consider implementing network segmentation and firewall rules to restrict access to the affected devices. Organizations may also benefit from conducting regular security assessments and penetration testing to identify and address potential vulnerabilities.

Detection Guidance

Monitor logs for unusual activities related to the cgi_user_add function and check for any anomalies in device behavior. Network signatures for command injection attempts should be established, and any unexpected changes to system configurations should be documented and investigated.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-10914 highlights the persistent vulnerabilities within legacy systems. This incident serves as a reminder for security teams to conduct thorough assessments of outdated products and implement a regular patch management program. Penetration testing methodology should be continuously refined to adapt to emerging threats, ensuring that organizations remain vigilant against exploitation attempts.

Additionally, organizations should prioritize training for their security teams on identifying and mitigating command injection vulnerabilities, ensuring that all personnel are equipped to respond effectively.

For further insights, organizations can refer to the following resources:

Vulnerability management program design and security testing best practices for a comprehensive approach to securing organizational assets.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-10914: Critical Vulnerability in D-Link DNS Products