24h | 7d | 30d

CVE-2024-3721

Overview

  • TBK
  • DVR-4104
13 Apr 2024
Published
01 Aug 2024
Updated
CVSS v3.1
MEDIUM (6.3)
EPSS
83.57%
KEV

Description

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 7h ago

CVE-2024-10914

Overview

  • D-Link
  • DNS-320
06 Nov 2024
Published
24 Nov 2024
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
93.12%
KEV

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 7h ago

CVE-2022-37055

Overview

  • Pending
28 Aug 2022
Published
06 Jan 2025
Updated
CVSS
Pending
EPSS
37.41%
KEV

Description

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 7h ago

CVE-2009-2765

Overview

  • Pending
14 Aug 2009
Published
07 Aug 2024
Updated
CVSS
Pending
EPSS
92.26%
KEV

Description

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Botnet takes advantage of AWS outage to hit 28 countries
theregister.com/2025/11/26/mir

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:
• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

  • 0
  • 0
  • 0
  • 7h ago
Showing 31 to 34 of 34 CVEs