9

CVE-2024-7832

Exploit

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Data is provided by the National Vulnerability Database (NVD)
DlinkDns-120 Firmware Version-
   DlinkDns-120 Version-
DlinkDnr-202l Firmware Version-
   DlinkDnr-202l Version-
DlinkDns-315l Firmware Version-
   DlinkDns-315l Version-
DlinkDns-320 Firmware Version-
   DlinkDns-320 Version-
DlinkDns-320l Firmware Version-
   DlinkDns-320l Version-
DlinkDns-320lw Firmware Version-
   DlinkDns-320lw Version-
DlinkDns-321 Firmware Version-
   DlinkDns-321 Version-
DlinkDnr-322l Firmware Version-
   DlinkDnr-322l Version-
DlinkDns-323 Firmware Version-
   DlinkDns-323 Version-
DlinkDns-325 Firmware Version-
   DlinkDns-325 Version-
DlinkDns-326 Firmware Version-
   DlinkDns-326 Version-
DlinkDns-327l Firmware Version-
   DlinkDns-327l Version-
DlinkDnr-326 Firmware Version-
   DlinkDnr-326 Version-
DlinkDns-340l Firmware Version-
   DlinkDns-340l Version-
DlinkDns-343 Firmware Version-
   DlinkDns-343 Version-
DlinkDns-345 Firmware Version-
   DlinkDns-345 Version-
DlinkDns-726-4 Firmware Version-
   DlinkDns-726-4 Version-
DlinkDns-1100-4 Firmware Version-
   DlinkDns-1100-4 Version-
DlinkDns-1200-05 Firmware Version-
   DlinkDns-1200-05 Version-
DlinkDns-1550-04 Firmware Version-
   DlinkDns-1550-04 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.71% 0.715
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://vuldb.com/?ctiid.274730
Third Party Advisory
VDB Entry
Permissions Required
https://vuldb.com/?id.274730
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.390120
Third Party Advisory
VDB Entry