CVE-2024-36831

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 48.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dap-1520 Firmware

Timeline

PublishedDec 17

Description

A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDdlink/dap-1520_firmware1.10b04

🔴Vulnerability Details

GHSA

GHSA-gf85-q5rv-vmw6: A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1↗2024-12-17

▶

CVEList

CVE-2024-36831: A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1↗2024-12-17

▶