Analysis Summary

CVE-2024-7830 CVSS:8.8

D-Link devices are is vulnerable to a buffer overflow, caused by improper bounds checking by cgi_move_photo. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-7829 CVSS:8.8

D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_del_photo. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-7831 CVSS:8.8

D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_get_cooliris. By sending a specially crafted string to photocenter_mgr.cgi , a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-7832 CVSS:8.8

D-Link devices are vulnerable to a buffer overflow, caused by improper bounds checking by cgi_get_fullscreen_photos. By sending a specially crafted string to photocenter_mgr.cgi, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Impact

• Buffer Overflow

Indicators of Compromise

CVE

• CVE-2024-7830
• CVE-2024-7829
• CVE-2024-7831
• CVE-2024-7832

Affected Vendors

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website