ID

VAR-202411-1462


CVE

CVE-2024-52754


TITLE

Out-of-bounds write vulnerability in D-Link Systems, Inc. di-8003 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-013266

DESCRIPTION

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. An out-of-bounds write vulnerability exists in the D-Link Systems, Inc. di-8003 firmware. It may result in a service operation interruption (DoS). D-Link DI-8400 is a wireless router from D-Link, a Chinese company. The tgfile_htm function of the D-Link DI-8400 has a buffer overflow vulnerability, which remote attackers can exploit by submitting special requests, causing the service program to crash or executing arbitrary code in the context of the application.

Trust: 2.16

sources: NVD: CVE-2024-52754 // JVNDB: JVNDB-2024-013266 // CNVD: CNVD-2025-00980

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-00980

AFFECTED PRODUCTS

vendor: dlink, model: di-8003, scope: eq, version: 16.07.16a1

Trust: 1.0

vendor: d link, model: di-8003, scope: -, version: -

Trust: 0.8

vendor: d link, model: di-8003, scope: eq, version: -

Trust: 0.8

vendor: d link, model: di-8003, scope: eq, version: di-8003 firmware 16.07.16a1

Trust: 0.8

vendor: d link, model: di-8400 v16.07.26a1, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-00980 // JVNDB: JVNDB-2024-013266 // NVD: CVE-2024-52754

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-52754
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52754
value: LOW

Trust: 1.0

NVD: CVE-2024-52754
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-00980
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-00980
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-52754
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52754
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-52754
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-00980 // JVNDB: JVNDB-2024-013266 // NVD: CVE-2024-52754 // NVD: CVE-2024-52754

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013266 // NVD: CVE-2024-52754

EXTERNAL IDS

db: NVD, id: CVE-2024-52754

Trust: 3.2

db: JVNDB, id: JVNDB-2024-013266

Trust: 0.8

db: CNVD, id: CNVD-2025-00980

Trust: 0.6

sources: CNVD: CNVD-2025-00980 // JVNDB: JVNDB-2024-013266 // NVD: CVE-2024-52754

REFERENCES

url: https://github.com/faqiadegege/iotvuln/blob/main/di_8003_tgfile_htm_stackoverflow/detail.md

Trust: 2.4

url: https://www.dlink.com/en/security-bulletin/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-52754

Trust: 0.8

sources: CNVD: CNVD-2025-00980 // JVNDB: JVNDB-2024-013266 // NVD: CVE-2024-52754

SOURCES

db: CNVD, id: CNVD-2025-00980
db: JVNDB, id: JVNDB-2024-013266
db: NVD, id: CVE-2024-52754

LAST UPDATE DATE

2025-01-15T23:04:21.748000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-00980, date: 2025-01-13T00:00:00
db: JVNDB, id: JVNDB-2024-013266, date: 2024-11-25T01:03:00
db: NVD, id: CVE-2024-52754, date: 2024-11-22T17:15:09.787

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-00980, date: 2025-01-08T00:00:00
db: JVNDB, id: JVNDB-2024-013266, date: 2024-11-25T00:00:00
db: NVD, id: CVE-2024-52754, date: 2024-11-20T20:15:19.450