Key Information 1. Vulnerability Name: - D-LINK DNS-1550-04 UP TO 20240814 /CGI-BIN/HD_CONFIG.CGI CGI_FMT_STD2R5_2ND_DISKMGR F_SOURCE_DEV COMMAND INJECTION 2. Affected Products: - D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 3. CVSS Meta Temp Score: - 6.0 4. Current Exploit Price: - $0-$5k 5. CTI Interest Score: - 1.82 6. Vulnerability Description: - This is a command injection vulnerability affecting the function located in the file . By manipulating the parameter, unknown input can be injected, leading to command injection. 7. Impact: - Affects the confidentiality, integrity, and availability of the product. 8. CVE ID: - CVE-2024-8214 9. Vulnerability Disclosure: - The vulnerability has been publicly disclosed, and the affected products have reached end-of-life. They should be decommissioned and replaced. 10. GitHub Link: - github.com 11. Exploit Difficulty: - Low difficulty; attacks can be launched remotely. Summary This vulnerability is a command injection flaw affecting multiple D-Link device models, exploitable remotely. Although the CVSS score is relatively low, the broad impact and ease of exploitation warrant attention.