Iran-Linked APT42 Launches Cyberattacks at US Presidential Elections – Active IOCs
August 19, 2024Microsoft Fixes Zero-Day Vulnerability Exploited by Lazarus Group
August 19, 2024Iran-Linked APT42 Launches Cyberattacks at US Presidential Elections – Active IOCs
August 19, 2024Microsoft Fixes Zero-Day Vulnerability Exploited by Lazarus Group
August 19, 2024Severity
High
Analysis Summary
CVE-2024-7830 CVSS:8.8
D-Link devices are is vulnerable to a buffer overflow, caused by improper bounds checking by cgi_move_photo. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-7829 CVSS:8.8
D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_del_photo. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-7831 CVSS:8.8
D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_get_cooliris. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2024-7832 CVSS:8.8
D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_get_fullscreen_photos. By sending a specially crafted string to photocenter_mgr.cgi, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Impact
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-7830
- CVE-2024-7829
- CVE-2024-7831
- CVE-2024-7832
Affected Vendors
Affected Products
- D-Link DNR-202L - 20240814
- D-Link DNR-322L - 20240814
- D-Link DNR-326 - 20240814
- D-Link DNS-1100-4 - 20240814
- D-Link DNS-120 - 20240814
- D-Link DNS-1200-05 - 20240814
- D-Link DNS-1550-04 - 20240814
- D-Link DNS-315L - 20240814
- D-Link DNS-320 - 20240814
- D-Link DNS-320L - 20240814
Remediation
Refer to D-Link Website for patch, upgrade, or suggested workaround information.