Details of VAR-202405-0217

ID

VAR-202405-0217

CVE

CVE-2024-5293

TITLE

(0Day) D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-24-444

DESCRIPTION

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853. D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Chinese company. D-Link DIR-2640 has a buffer overflow vulnerability. The vulnerability is caused by the program failing to properly verify the length of the input data

Trust: 2.07

sources: NVD: CVE-2024-5293 // ZDI: ZDI-24-444 // CNVD: CNVD-2024-26177

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-26177

AFFECTED PRODUCTS

vendor:

d link

model:

dir-2640

scope:

version:

Trust: 1.3

sources: ZDI: ZDI-24-444 // CNVD: CNVD-2024-26177

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2024-5293
value:	HIGH
Trust: 1.0
ZDI:	CVE-2024-5293
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2024-26177
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-26177
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2024-5293
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
ZDI:	CVE-2024-5293
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-24-444 // CNVD: CNVD-2024-26177 // NVD: CVE-2024-5293

PROBLEMTYPE DATA

problemtype:

CWE-121

Trust: 1.0

sources: NVD: CVE-2024-5293

EXTERNAL IDS

db:	NVD	id:	CVE-2024-5293	Trust: 2.3
db:	ZDI	id:	ZDI-24-444	Trust: 2.3
db:	ZDI_CAN	id:	ZDI-CAN-21853	Trust: 0.7
db:	CNVD	id:	CNVD-2024-26177	Trust: 0.6

sources: ZDI: ZDI-24-444 // CNVD: CNVD-2024-26177 // NVD: CVE-2024-5293

REFERENCES

url:

https://www.zerodayinitiative.com/advisories/zdi-24-444/

Trust: 1.6

sources: CNVD: CNVD-2024-26177 // NVD: CVE-2024-5293

CREDITS

Nicholas Zubrisky

Trust: 0.7

sources: ZDI: ZDI-24-444

SOURCES

db:	ZDI	id:	ZDI-24-444
db:	CNVD	id:	CNVD-2024-26177
db:	NVD	id:	CVE-2024-5293

LAST UPDATE DATE

2024-08-14T15:31:33.121000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-24-444	date:	2024-07-01T00:00:00
db:	CNVD	id:	CNVD-2024-26177	date:	2024-06-06T00:00:00
db:	NVD	id:	CVE-2024-5293	date:	2024-05-24T01:15:30.977

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-24-444	date:	2024-05-24T00:00:00
db:	CNVD	id:	CNVD-2024-26177	date:	2024-06-06T00:00:00
db:	NVD	id:	CVE-2024-5293	date:	2024-05-23T22:15:15