CVE-2024-45623
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-45623 is a critical vulnerability in the D-Link DAP-2310 Hardware A running firmware version 1.16RC028. A stack-based buffer overflow in the ATP binary, which processes PHP HTTP GET requests for the Apache HTTP Server, allows remote attackers to execute arbitrary code. The attack can be carried out remotely and requires neither privileges nor user interaction, and the potential impact on the confidentiality, integrity, and availability of affected systems is high. The vulnerability has an exploitability score of 3.9 and a base severity rating of 9.8. The affected device is no longer maintained by the vendor, so remediation involves updating to supported firmware or replacing unsupported products. Organizations using affected products should take immediate action to mitigate the risks associated with this vulnerability.