ID

VAR-202411-1441


CVE

CVE-2024-52757


TITLE

D-Link Systems, Inc.  of  di-8003  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-013302

DESCRIPTION

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application

Trust: 2.16

sources: NVD: CVE-2024-52757 // JVNDB: JVNDB-2024-013302 // CNVD: CNVD-2024-46395

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-46395

AFFECTED PRODUCTS

vendor:dlinkmodel:di-8003scope:eqversion:16.07.16a1

Trust: 1.0

vendor:d linkmodel:di-8003scope: - version: -

Trust: 0.8

vendor:d linkmodel:di-8003scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:di-8003scope:eqversion:di-8003 firmware 16.07.16a1

Trust: 0.8

vendor:d linkmodel:di-8400 v16.07.26a1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-46395 // JVNDB: JVNDB-2024-013302 // NVD: CVE-2024-52757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-52757
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52757
value: LOW

Trust: 1.0

NVD: CVE-2024-52757
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-46395
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-46395
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-52757
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52757
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-52757
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-46395 // JVNDB: JVNDB-2024-013302 // NVD: CVE-2024-52757 // NVD: CVE-2024-52757

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013302 // NVD: CVE-2024-52757

EXTERNAL IDS

db:NVDid:CVE-2024-52757

Trust: 3.2

db:JVNDBid:JVNDB-2024-013302

Trust: 0.8

db:CNVDid:CNVD-2024-46395

Trust: 0.6

sources: CNVD: CNVD-2024-46395 // JVNDB: JVNDB-2024-013302 // NVD: CVE-2024-52757

REFERENCES

url:https://github.com/faqiadegege/iotvuln/blob/main/di_8003_arp_sys_asp_stackoverflow/detail.md

Trust: 2.4

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-52757

Trust: 0.8

sources: CNVD: CNVD-2024-46395 // JVNDB: JVNDB-2024-013302 // NVD: CVE-2024-52757

SOURCES

db:CNVDid:CNVD-2024-46395
db:JVNDBid:JVNDB-2024-013302
db:NVDid:CVE-2024-52757

LAST UPDATE DATE

2024-11-29T23:07:42.700000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-46395date:2024-11-28T00:00:00
db:JVNDBid:JVNDB-2024-013302date:2024-11-25T02:55:00
db:NVDid:CVE-2024-52757date:2024-11-22T17:15:10.150

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-46395date:2024-11-28T00:00:00
db:JVNDBid:JVNDB-2024-013302date:2024-11-25T00:00:00
db:NVDid:CVE-2024-52757date:2024-11-20T20:15:19.533