← back
CVE-2024-42812

CVE-2024-42812

CVSS 9.8 CRITICALEPSS 15.5%CWE-120
Vexday Risk Score
33Attention
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 15.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121chttps://www.dlink.com/en/security-bulletin/