CVE-2024-45694

Published: Sep 16, 2024Modified: Sep 17, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Affected (6)

Products: Dlink: Dir X5460 Firmware, Dir X4860 Firmware

Dlink

2 products

Dir X5460 Firmware

Dir X4860 Firmware

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir X5460 Firmware	Version 1.01
Dlink Dir X5460 Firmware	Version 1.02
Dlink Dir X5460 Firmware	Version 1.04
Dlink Dir X5460 Firmware	Version 1.10

Running on/with	Platform Versions
Dlink Dir X5460	Version a1

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir X4860 Firmware	Version 1.00
Dlink Dir X4860 Firmware	Version 1.04

Running on/with	Platform Versions
Dlink Dir X4860	Version a1

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (2)

https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.