← Back

CVE-2024-7828

nvd nist
Published: Aug 15, 2024Modified: Aug 19, 2024

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_set_cover of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument album_name leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Affected (20)

Dlink
20 products
Dns 120 Firmware
Dnr 202l Firmware
Dns 315l Firmware
Dns 320 Firmware
Dns 320l Firmware
Dns 320lw Firmware
Dns 321 Firmware
Dnr 322l Firmware
Dns 323 Firmware
Dns 325 Firmware
Dns 326 Firmware
Dns 327l Firmware
Dnr 326 Firmware
Dns 340l Firmware
Dns 343 Firmware
Dns 345 Firmware
Dns 726 4 Firmware
Dns 1100 4 Firmware
Dns 1200 05 Firmware
Dns 1550 04 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 120 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 120
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dnr 202l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dnr 202l
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 315l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 315l
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 320 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 320
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 320l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 320l
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 320lw Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 320lw
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 321 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 321
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dnr 322l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dnr 322l
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 323 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 323
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 325 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 325
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 326 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 326
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 327l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 327l
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dnr 326 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dnr 326
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 340l Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 340l
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 343 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 343
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 345 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 345
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 726 4 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 726 4
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 1100 4 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 1100 4
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 1200 05 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 1200 05
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dns 1550 04 Firmware
All versions
Running on/withPlatform Versions
Dlink
Dns 1550 04
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (5)

Source: cna@vuldb.com
Exploit
Source: cna@vuldb.com
Vendor Advisory
Source: cna@vuldb.com
Permissions RequiredVDB Entry
Source: cna@vuldb.com
Permissions RequiredThird Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry

Timeline

No history available yet.