Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-42812

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Published

2024-08-19T20:15:07.070

Last Modified

2025-03-17T16:15:22.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-120
Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-860l_firmware	2.0.3	Yes
Hardware	dlink	dir-860l	-	No

References

https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c Exploit, Third Party Advisory ([email protected])
https://www.dlink.com/en/security-bulletin/ Product ([email protected])