Details of VAR-202408-1790

ID

VAR-202408-1790

CVE

CVE-2024-42812

TITLE

D-Link Systems, Inc. of DIR-860L Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-010180

DESCRIPTION

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. D-Link Systems, Inc. of DIR-860L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-42812 // JVNDB: JVNDB-2024-010180

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-860l	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	d link	model:	dir-860l	scope:	eq	version:	dir-860l firmware 2.0.3	Trust: 0.8
vendor:	d link	model:	dir-860l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-860l	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-42812
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-42812
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2024-42812
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-42812
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

EXTERNAL IDS

db:	NVD	id:	CVE-2024-42812	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-010180	Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

REFERENCES

url:	https://gist.github.com/xiaocurry/574ed9c2b0d12cd0b45399116d82121c	Trust: 1.8
url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-42812	Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

SOURCES

db:	JVNDB	id:	JVNDB-2024-010180
db:	NVD	id:	CVE-2024-42812

LAST UPDATE DATE

2024-10-12T23:07:57.697000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010180	date:	2024-10-11T01:57:00
db:	NVD	id:	CVE-2024-42812	date:	2024-10-10T20:18:11.100

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010180	date:	2024-10-11T00:00:00
db:	NVD	id:	CVE-2024-42812	date:	2024-08-19T20:15:07.070