CVE-2024-42812

Published: Aug 19, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Affected (1)

Products: Dlink: Dir 860l Firmware

1 product

Dir 860l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 860l Firmware	Version 2.0.3

Running on/with	Platform Versions
Dlink Dir 860l	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://gist.github.com/XiaoCurry/574ed9c2b0d12cd0b45399116d82121c

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Product

Timeline

No history available yet.