Request a Demo
Rewterz
Rewterz Threat Advisory – ICS: Hitachi Vantara Pentaho Vulnerability
March 4, 2024
Rewterz
Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
March 4, 2024

Rewterz Threat Advisory – Multiple D-Link DIR-823G Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-27655 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a buffer overflow. By sending a specially crafted request using the SOAPACTION parameter, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27656 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a buffer overflow. By sending a specially crafted request using the Cookie parameter, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27657 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a buffer overflow. By sending a specially crafted request using the User-Agent parameter, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27658 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereferences in sub_4484A8(). A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27659 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereferences in sub_42AF30(). A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27660 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereferences in sub_41C488(). A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27661 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereferences in sub_4484A8(). A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-27662 CVSS:5.3

D-Link DIR-823G is vulnerable to a denial of service, caused by a NULL pointer dereferences in sub_4110f4(). A remote attacker could exploit this vulnerability to cause a denial of service.

Impact

  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2024-27655
  • CVE-2024-27656
  • CVE-2024-27657
  • CVE-2024-27658
  • CVE-2024-27659
  • CVE-2024-27660
  • CVE-2024-27661
  • CVE-2024-27662

Affected Vendors

D-Link

Affected Products

  • D-Link DIR-823G 1.0.2B05

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website