How to Fix CVE-2024-0769: D-Link DIR-859 (Bundle Sibling)
By Sai Kiran Pandrala
| Severity | CVSS 5.3 (Medium) |
|---|---|
| Actively exploited? | Yes, listed in CISA KEV (added 2025-06-25, federal due date 2025-07-16) |
| Affected | Same as the bundle |
| Fixed in | Same patched build as CVE-2024-3273 |
| Type (CWE) | CWE-22 — Path Traversal |
CVE-2024-0769 ships in the same vendor advisory as CVE-2024-3273. The patched build documented in the primary write-up closes this CVE too.
What's different about CVE-2024-0769?
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier a
The flaw class and remediation are identical to the primary CVE in the bundle. A successful exploit lets a remote attacker read or write files outside the intended directory.
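Requests that match the description above can be flagged in captured HTTP traffic. The detector below is an added example, not code from the advisory or from D-Link; the record layout, the two body encodings it parses, and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

TARGET_PATH = "/hedwig.cgi"  # endpoint named in the CVE description
# Assumption: `service` arrives as an XML element or a form field; the page
# names the argument but not the body encoding.
SERVICE_PATTERNS = (
    re.compile(r"<service>(.*?)</service>", re.I | re.S),
    re.compile(r"(?:^|&)service=([^&]*)", re.I),
)

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(value):
    """True if any path segment of the normalized value is '..'."""
    return ".." in normalize(value).split("/")

def scan(records):
    """Return records that POST a traversing `service` value to hedwig.cgi."""
    hits = []
    for rec in records:
        path = normalize(rec["path"]).split("?", 1)[0].lower()
        if rec["method"].upper() != "POST" or not path.endswith(TARGET_PATH):
            continue
        values = [v for p in SERVICE_PATTERNS for v in p.findall(rec["body"])]
        if any(has_traversal(v) for v in values):
            hits.append(rec)
    return hits

# Constructed sample records (not real traffic); record layout is hypothetical.
SAMPLE = [
    {"id": 1, "method": "POST", "path": "/hedwig.cgi",
     "body": "<service>EXAMPLE.SERVICE</service>"},
    {"id": 2, "method": "POST", "path": "/hedwig.cgi",
     "body": "<service>../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml</service>"},
    {"id": 3, "method": "POST", "path": "/hedwig.cgi",
     "body": "service=%252e%252e%2Fhtdocs%2Fwebinc%2Fgetcfg%2FDHCPS6.BRIDGE-1.xml"},
    {"id": 4, "method": "GET", "path": "/index.php", "body": ""},
]

if __name__ == "__main__":
    print([rec["id"] for rec in scan(SAMPLE)])
```

Matching on normalized path segments rather than the literal `../` string catches percent-encoded and backslash variants without flagging legitimate service names that merely contain dots.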
How to fix CVE-2024-0769
Apply the patched build documented in the primary write-up: How to Fix CVE-2024-3273. The vendor ships a single fix that covers every CVE in this advisory.
Frequently asked questions
Is CVE-2024-0769 actively exploited?
Yes. CVE-2024-0769 is on the CISA Known Exploited Vulnerabilities catalog, so federal civilian agencies are required to patch by the published deadline. Most enterprises treat the same date as the practical floor.
What is the CVSS severity of CVE-2024-0769?
Medium. See the advisory for the full CVSS vector.
Where can I read the official advisory?
See https://vuldb.com/?id.251666
Does the patch require a reboot?
It depends on the deployment. Service-only updates usually need a service restart; OS-level fixes require a full reboot. Check the vendor release notes for the exact post-upgrade steps.
References
- Official vendor advisory: https://vuldb.com/?id.251666
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0769
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Primary write-up: How to Fix CVE-2024-3273
*This guide is part of the D-Link DIR-859 bundle. Full remediation procedure is at CVE-2024-3273.*