How severe is CVE-2024-5299?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-5299?

This is classified as CWE-749, which is a common weakness in software security.

CVE-2024-5299 - HIGH Severity | CVSS 8.8

Vulnerability Description

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828.

Related Vulnerabilities

CVE-2019-10918

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with ...

CWE-7492019

CVE-2020-17388

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, ...

CWE-7492020

CVE-2021-34996

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the ex...

CWE-7492021

CVE-2023-3612

HIGH

CVSS:8.8(High)

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context o...

CWE-7492023

CVE-2023-51584

HIGH

CVSS:8.8(High)

Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492023

CVE-2024-5298

HIGH

CVSS:8.8(High)

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492024