AI description
CVE-2024-0769 is a path traversal vulnerability affecting D-Link DIR-859 routers. It resides in the `/hedwig.cgi` component's HTTP POST request handler. By manipulating the `service` argument, remote attackers can bypass security restrictions and access sensitive files. The vulnerability allows unauthorized access to system files, potentially leading to complete system compromise and data theft. While the affected product is end-of-life, the public availability of the exploit makes it a threat if the device is still in operation.
- Description
- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Data from CISA
- Vulnerability name
- D-Link DIR-859 Router Path Traversal Vulnerability
- Exploit added on
- Jun 25, 2025
- Exploit action due
- Jul 16, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cna@vuldb.com
- CWE-22
🔓 CVE-2024-0769: critical path traversal in D-Link DIR-859 routers. Allows reading sensitive files without authentication. Easy to exploit, no official patch. Is your network exposed? #Ciberseguridad #Vulnerabilidades #Redes Read the full analysis 👉 https://t.co/lNRuHr
@codeDrPlaga
27 Jun 2025
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-0769 #D-Link DIR-859 Router Path Traversal Vulnerability https://t.co/DtXnKtcZpF
@ScyScan
25 Jun 2025
🛡️ We added Fortinet FortiOS, D-Link DIR-859 Router, & AMI MegaRAC SPx vulnerabilities CVE-2019-6693, CVE-2024-0769, & CVE-2024-54085 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect against cyberattacks
@CISACyber
25 Jun 2025
Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769, which affects all D-Link DIR-859 WiFi routers. Researchers from cybersecurity firm GreyNoise have spotted exploitation attempts for the critica... https://t.co/X3VrTFIKcG
@pedri77
21 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-859_firmware:1.06:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E0346C9-BBD3-490A-97AE-806E02DC04B6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]