CVE-2024-7849

CVSS 2.0 Score 9.0 of 10 (high)

Details

Published Aug 16, 2024

Updated: Aug 19, 2024

CWE ID 120

Summary

CVE-2024-7849 is a critical vulnerability affecting various D-Link DNS models, including DNS-120, DNR-202L, and others, up to August 14, 2024. The issue lies in the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi, where the argument current_path can be manipulated to trigger a buffer overflow. This vulnerability can be exploited remotely, and the exploit has been disclosed to the public. It is important to note that this vulnerability only affects products that are no longer supported by the vendor and should be retired and replaced. The vendor has confirmed that these products are end-of-life.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database