August 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
High-Value Victims Targeted by APT29 Using PyRDP and Rogue RDP Servers – Active IOCs
December 19, 2024
Multiple WordPress Plugins Vulnerabilities
December 19, 2024
High-Value Victims Targeted by APT29 Using PyRDP and Rogue RDP Servers – Active IOCs
December 19, 2024
Multiple WordPress Plugins Vulnerabilities
December 19, 2024
Severity
Medium
Analysis Summary
CVE-2024-37606 CVSS:7.5
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2024-37605 CVSS:7.5
D-Link DIR-860L is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service
CVE-2024-36832 CVSS:7.5
D-Link DAP-1513 is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-36831 CVSS:5.3
D-Link DAP-1520 is vulnerable to a denial of service, caused by a NULL pointer dereference in the plugins_call_handle_uri_clean function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-37606
- CVE-2024-37605
- CVE-2024-36832
- CVE-2024-36831
Affected Vendors
D-Link
Affected Products
- D-Link DCS-932L REVB_FIRMWARE_2.18.01
- D-Link DIR-860L
- D-Link DAP-1513 REVA_FIRMWARE_1.01
- D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX
Remediation
Refer to D-Link Security Advisory for patch, upgrade, or suggested workaround information.