CVE-2024-42812

Exploit

EPSS 25.66%
Published 19.08.2024 20:15:07
Last modified 17.03.2025 16:15:22
Source cve@mitre.org
Teams watchlist Login
Open Login

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-860l Firmware Version2.0.3

Dlink ≫ Dir-860l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.66%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.dlink.com/en/security-bulletin/

Product

https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-42812

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42812

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42812

EUVD