CVE-2024-44333
Description
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious string to the CGI function responsible for handling usb_paswd.asp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in D-Link DI-7000V2 series routers allows attackers to execute arbitrary commands as root via a crafted request to usb_paswd.asp.
Vulnerability Analysis
The vulnerability resides in the jhttpd component's handler for the usb_paswd.asp page. The handler does not properly sanitize user-provided input, allowing command injection [1]. Affected models include DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 running specific firmware versions.
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface. The attack requires network access to the management interface and likely authentication [1]. The provided proof-of-concept demonstrates how to trigger arbitrary command execution.
Impact
Successful exploitation grants the attacker root-level command execution on the device, leading to full compromise, including the ability to modify configurations, exfiltrate data, or use the router in further attacks.
Mitigation
As of publication, no official patch has been released. Users should restrict access to the router's web interface to trusted networks and monitor D-Link's security bulletin for updates [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = v24.04.18D1
- Range: = v24.04.18E1
- Range: = v24.04.18D1
Patches
No patches discovered yet.