CVE-2024-40505

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

9.3 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://coldwx.github.io/CVE-2024-40505.html Third Party Advisory
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 Vendor Advisory
https://coldwx.github.io/CVE-2024-40505.html Third Party Advisory
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dap-1650_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*
History

29 May 2025, 20:11

Type Values Removed Values Added
References () https://coldwx.github.io/CVE-2024-40505.html - () https://coldwx.github.io/CVE-2024-40505.html - Third Party Advisory
References () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 - () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 - Vendor Advisory
CPE cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1650_firmware:1.03:*:*:*:*:*:*:*
First Time Dlink dap-1650 Firmware
Dlink
Dlink dap-1650

21 Nov 2024, 09:31

Type Values Removed Values Added
References () https://coldwx.github.io/CVE-2024-40505.html - () https://coldwx.github.io/CVE-2024-40505.html -
References () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 - () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 -

28 Oct 2024, 21:15

Type Values Removed Values Added
Summary (en) **UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. (en) Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

01 Aug 2024, 13:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.3
CWE CWE-35

17 Jul 2024, 13:34

Type Values Removed Values Added
Summary
  • (es) **NO COMPATIBLE CUANDO ESTÁ ASIGNADO** La vulnerabilidad de Directory Traversal en el firmware D-Link DAP-1650 v.1.03 permite a un atacante local escalar privilegios a través del componente hedwig.cgi.

16 Jul 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-16 20:15

Updated : 2025-05-29 20:11

NVD link : CVE-2024-40505

Mitre link : CVE-2024-40505

CVE.ORG link : CVE-2024-40505

JSON object : View

Products Affected

dlink

  • dap-1650
  • dap-1650_firmware
CWE
CWE-35

Path Traversal: '.../...//'