CVE-2024-42812

critical

Description

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

References

https://www.dlink.com/en/security-bulletin/

https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c

Details

Source: Mitre, NVD

Published: 2024-08-19

Updated: 2024-10-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H