Unrated severityNVD Advisory· Published May 23, 2024· Updated Aug 1, 2024
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2024-5292
Description
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 4.0.0.21
Patches
Vulnerability mechanics
References
1- www.zerodayinitiative.com/advisories/ZDI-24-443/mitrex_research-advisory
News mentions
0No linked articles in our index yet.