CVE-2024-42812

Critical

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi.…

mitre·CWE-120·Published 2024-08-19

CVSS

9.8

EPSS

0.16

KEV

Exploits

cve.orgen

265 chars

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

NVDen

265 chars

NVDes

304 chars

En D-Link DIR-860L v2.03, existe una vulnerabilidad de desbordamiento del búfer debido a la falta de verificación de longitud para el campo SID en gena.cgi. Los atacantes que explotan con éxito esta vulnerabilidad pueden provocar que el dispositivo de destino remoto falle o ejecute comandos arbitrarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H