CVE-2024-0769 - D-Link DIR-859 Router Path Traversal Vulnerability
Project:D-Link
Product:DIR-859 Router
Date Added:2025-06-25Due Date:2025-07-16
Vulnerability Name
D-Link DIR-859 Router Path Traversal Vulnerability
Description
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371
https://nvd.nist.gov/vuln/detail/CVE-2024-0769
Related News Articles
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, FortinetJune 26, 2025