CVE-2024-42812

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
9.8CRITICAL
EPSS
38.9%
top 2.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-860l Firmware
Timeline
PublishedAug 19

Description

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2024-42812: In D-Link DIR-860L v22024-08-19
GHSA
GHSA-j6qj-c649-wpqq: In D-Link DIR-860L v22024-08-19
CVE-2024-42812 (CRITICAL CVSS 9.8) | In D-Link DIR-860L v2.03 | cvebase.io