CVE-2024-8211

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Publication date: Tue, 27 Aug 2024 19:00:00 +0000


Cyber News related to CVE-2024-8211

How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - – Exploitation of zero-day vulnerabilities or watering hole attacks (compromising websites frequented by the target).Establishing a Foothold– Attackers deploy malware to create backdoors or tunnels for undetected movement within the ...
4 months ago Cybersecuritynews.com APT41
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
Top 10 Best Linux Firewalls - 2025 - It protects computers/networks via secure programming.1. Old PCs only boot from CDROM, while network boot requires a net card with a boot ROM.2. Its web interface is very user-friendly and makes usage easy.2. User-created rules take longer to ...
2 months ago Cybersecuritynews.com
Enhancing firewall management with automation tools - Help Net Security - In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance. Firewall rule ...
8 months ago Helpnetsecurity.com
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments - Since its emergence in March 2024, the BlackLock ransomware operation (aka El Dorado) has executed a meteoric rise through the ransomware-as-a-service (RaaS) ranks, leveraging custom-built malware and sophisticated anti-detection techniques to ...
4 months ago Cybersecuritynews.com LockBit Ransomhub
Use Windows event logs for ransomware investigations, JPCERT/CC advises - Help Net Security - The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware ...
8 months ago Helpnetsecurity.com 8base LockBit Akira
Exploiting Side-Channel Leakage Enable Successful Exploitations on The Latest Linux Kernel - Their findings revealed that three specific defenses – enforcing strict memory permissions or virtualizing the kernel heap or kernel stack – unintentionally create exploitable TLB contention patterns. The Linux kernel employs various ...
2 months ago Cybersecuritynews.com
VibeScamming - Hackers Using AI Tools to Generate Phishing Ideas & Working Models - In a concerning evolution of cybercrime, security researchers have identified a new threat known as “VibeScamming” – where malicious actors leverage generative AI to create sophisticated phishing campaigns with minimal effort. Their ...
2 months ago Cybersecuritynews.com
Building Trust Through Transparency - CISO Cybersecurity Practices - In an era of digital transformation and rising cyber threats, Building Trust Through Transparency has become a critical mission for the Chief Information Security Officer (CISO), who has evolved from a technical expert to a strategic leader ...
1 month ago Cybersecuritynews.com
Threat Actors Weaponize Language Software to Windows-Based Remote Surveillance Malware - The targeting of Uyghur language software reflects how threat actors exploit cultural preservation tools to compromise the very communities they were designed to serve. It creates a digital dilemma for those developing specialized software for ...
1 month ago Cybersecuritynews.com Silence
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
8 months ago Helpnetsecurity.com
Book Review: "Premier CISO - Board & C-Suite" By Michael S. Oberlaender - Home - Future, Trends and Insight - Book Review - Book Review: “Premier CISO – Board & C-Suite” by Michael S. Overall, “Premier CISO – Board & C-Suite” is a valuable resource for cybersecurity professionals ...
8 months ago Informationsecuritybuzz.com
Threat Actors Attacking Job Seekers With Three New Unique Adversaries - Their analysis revealed that operators typically employ multiple personas throughout the scam lifecycle – one to make initial contact and another to execute the fraud – allowing them to efficiently manage high volumes of victims while ...
1 month ago Cybersecuritynews.com
Beware! Android Spyware 'SpyMax' Gain Total Control of Your Android Phone - Once accessibility services are enabled, the malware gains the ability to read screen content, interact with applications autonomously, and intercept user interactions – essentially giving attackers complete remote control of the compromised ...
2 months ago Cybersecuritynews.com
Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack - A massive power outage struck the Iberian Peninsula on April 28, 2025, plunging millions of people into darkness as electricity supplies were suddenly cut across Spain and Portugal. Electric sector sources dismiss the possibility of a simple short ...
1 month ago Cybersecuritynews.com
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - The group’s command-line interface allows affiliates to customize attacks using flags such as –encrypt-network to target shared drives and –no-print to disable the ransomware’s unique feature of spamming ransom notes to connected ...
3 months ago Cybersecuritynews.com Inc ransom
VMware Vulnerabilities Exploited Actively to Deploy Ransomware - On March 4, 2025, Broadcom released emergency updates to address three critical vulnerabilities – CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 – affecting several VMware products, including ESXi, Workstation, and Fusion. Given the ...
3 months ago Cybersecuritynews.com CVE-2025-22224
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code - While the current vulnerability primarily causes server crashes, security experts warn that denial of service attacks can create opportunities for additional exploitation attempts, including potential paths to remote code execution in complex network ...
2 months ago Cybersecuritynews.com CVE-2017-7521
CVE-2025-31401 - Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through 1.0.0. ...
2 months ago
CVE-2025-31035 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – ...
2 months ago
CVE-2025-31032 - Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1. ...
2 months ago
CVE-2025-32491 - Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3. ...
2 months ago
CVE-2025-48232 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite allows Stored XSS. This issue affects Xpro Addons For Beaver Builder – Lite: ...
1 month ago
CVE-2025-47529 - Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget ...
1 month ago
CVE-2025-52791 - Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8. ...
3 days ago