9.8
CVE-2024-7830
- EPSS 0.86%
- Published 15.08.2024 13:15:14
- Last modified 19.08.2024 18:34:36
- Source cna@vuldb.com
- Teams watchlist Login
- Open Login
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
Data is provided by the National Vulnerability Database (NVD)
Dlink ≫ Dns-120 Firmware Version-
Dlink ≫ Dnr-202l Firmware Version-
Dlink ≫ Dns-315l Firmware Version-
Dlink ≫ Dns-320 Firmware Version-
Dlink ≫ Dns-320l Firmware Version-
Dlink ≫ Dns-320lw Firmware Version-
Dlink ≫ Dns-321 Firmware Version-
Dlink ≫ Dnr-322l Firmware Version-
Dlink ≫ Dns-323 Firmware Version-
Dlink ≫ Dns-325 Firmware Version-
Dlink ≫ Dns-326 Firmware Version-
Dlink ≫ Dns-327l Firmware Version-
Dlink ≫ Dnr-326 Firmware Version-
Dlink ≫ Dns-340l Firmware Version-
Dlink ≫ Dns-343 Firmware Version-
Dlink ≫ Dns-345 Firmware Version-
Dlink ≫ Dns-726-4 Firmware Version-
Dlink ≫ Dns-1100-4 Firmware Version-
Dlink ≫ Dns-1200-05 Firmware Version-
Dlink ≫ Dns-1550-04 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.743 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.