CVE-2024-7832

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 19, 2024
CWE ID 120

Summary

CVE-2024-7832 is a critical buffer overflow vulnerability affecting various D-Link DNS models, including DNS-120, DNR-202L, and others, up to version 20240814. The vulnerability lies in the cgi_get_fullscreen_photos function of /cgi-bin/photocenter_mgr.cgi. An attacker can exploit this issue by manipulating the user argument to trigger a buffer overflow, potentially leading to remote code execution. This vulnerability has been disclosed to the public and poses a significant risk. Notably, only unsupported products are affected, as the vendor has confirmed that these devices are end-of-life and should be retired and replaced.
