CVE-2024-45695

2024-09-1607:15:02

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

cve-2024-45695

web service

remote attackers

arbitrary code

unauthenticated

exploit

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.0%

JSON

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Affected configurations

Nvd

Node

dlinkdir-x4860_firmwareMatch1.00

dlinkdir-x4860_firmwareMatch1.04

AND

dlinkdir-x4860Matcha1

VendorProductVersionCPE
dlinkdir-x4860_firmware1.00cpe:2.3:o:dlink:dir-x4860_firmware:1.00:*:*:*:*:*:*:*
dlinkdir-x4860_firmware1.04cpe:2.3:o:dlink:dir-x4860_firmware:1.04:*:*:*:*:*:*:*
dlinkdir-x4860a1cpe:2.3:h:dlink:dir-x4860:a1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-x4860_firmware	1.00	cpe:2.3:o:dlink:dir-x4860_firmware:1.00:::::::*
dlink	dir-x4860_firmware	1.04	cpe:2.3:o:dlink:dir-x4860_firmware:1.04:::::::*
dlink	dir-x4860	a1	cpe:2.3:h:dlink:dir-x4860:a1:::::::*