CVE-2024-42812

Exploit

EPSS 33.5%
Veröffentlicht 19.08.2024 20:15:07
Zuletzt bearbeitet 17.03.2025 16:15:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-860l Firmware Version2.0.3

Dlink ≫ Dir-860l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	33.5%	0.968

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.dlink.com/en/security-bulletin/

Product

https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-42812

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42812

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42812

EUVD