🔴 CVE-2024-0769

D-Link DIR-859 router has a critical path traversal vulnerability in hedwig.cgi that allows remote attackers to access arbitrary files without authentication. This vulnerability is actively exploited and listed in CISA KEV, affecting an end-of-life router model.

← Back to Overview
HIGH_RISK
Risk Level
5.3
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-01-21

Added to CISA KEV: 2025-06-25 521 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-0769 is a critical path traversal vulnerability affecting the D-Link DIR-859 Wi-Fi router [4] [1]. Because the product has reached its End-of-Life (EOL) status, it will not receive security patches from the manufacturer [1].

Vulnerability Overview
  • Affected Product: D-Link DIR-859 (specifically firmware version 1.06B01) [6] [7].
  • Vulnerability Type: Path Traversal [4].
  • Impact: Successful exploitation allows remote, unauthenticated attackers to access unauthorized files, including the extraction of sensitive account details and session data [2] [1]. This can lead to full privilege escalation and unauthorized control of the device via the administrative panel [2].
Exploitation and Attack Details
  • Attack Method: The vulnerability exists in the HTTP POST request handler, specifically within the `fatlady.php` and `hedwig.cgi` files [2] [7].
  • Requirements: It is a remote, unauthenticated vulnerability, meaning it does not require prior access to the device or user interaction to exploit [3].
  • Exploit Availability: Publicly disclosed exploit information is available for this vulnerability [5].
  • Threat Actor Usage/Ransomware: While the vulnerability is considered a "perma-vuln" due to the lack of patches and poses long-term exploitation risks, there is no specific evidence linking it to major ransomware campaigns or targeted advanced persistent threat (APT) attacks in the provided information [1].
Mitigation Status
  • Patch Status: There is no patch available because the device is End-of-Life [1].
  • Recommendation: Users are strongly advised to retire and replace the affected hardware, as it can no longer be secured against this or other vulnerabilities [1].

Sources

  1. Perma-Vuln: D-Link DIR-859, CVE-2024-0769

    The product is End-of-Life, so it won't be patched, posing long-term exploitation risks. Multiple XML files can be invoked using the ... We've uncovered a path traversal vulnerability in the D-Link DIR-859 router that leads to information disclosure. This exploit allows extraction of account details…

  2. CVE-2024-0769.md - GitHub

    This vulnerability allows for the leakage of session data, leading to Full Privilege Escalation and potential unauthorized control of the device via the admin ... francoataffarel francoataffarel. Rename CVE-2024-XXXX.md to CVE-2024-0769 .md.Vulnerability Description: D-Link DIR-859 Firmware RevA_FW_…

  3. UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found...

    VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Privileges required: More severe if no privileges are required. User interaction: More severe when no user interaction is required. Scope: More s…

  4. CVE-2024-0769: D-Link DIR-859 Path Traversal Vulnerability

    CVE-2024-0769 is a critical path traversal vulnerability in D-Link DIR-859 firmware that allows remote attackers to access unauthorized files. This article covers technical details, affected versions, and mitigation. ... CVE-2024-0769 is a critical path traversal vulnerability in D-Link DIR-859 firm…

  5. NVD - CVE-2024-0769

    The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further…

  6. CVE-2024-0769 Detail - NVD

    A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig. ...

  7. D-Link DIR-859 HTTP POST

    What is CVE-2024-0769? A critical vulnerability has been identified in D-Link DIR-859 version 1.06B01, specifically related to the file /hedwig.cgi in the HTTP POST Request Handler component.The vulnerability impacts D-Link DIR-859 version 1.06B01. It is essential for users of this specific version…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed