Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-5294

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on ports 80 and 443. The issue results from the lack of proper memory management when processing HTTP cookie values. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-21668.

Published

2024-05-23T22:15:15.213

Last Modified

2025-08-06T14:25:50.467

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-3040_firmware	120b03	Yes
Hardware	dlink	dir-3040	-	No

References

https://www.zerodayinitiative.com/advisories/ZDI-24-445/ Third Party Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-24-445/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)