CVE-2024-5294

CWE-401 Memory Leak | 2 documents | 2 sources
Severity: 6.5 MEDIUM
EPSS: 0.1% (top 76.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 23

Description

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on ports 80 and 443. The issue results from the lack of proper memory managem

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | d-link/dir-3040 | 120B03

🔴 Vulnerability Details

CVEList: D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability (2024-05-23)