CVE-2024-7832
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-7832 is a critical buffer overflow vulnerability affecting various D-Link DNS models, including DNS-120, DNR-202L, and others, up to version 20240814. The vulnerability lies in the cgi_get_fullscreen_photos function of /cgi-bin/photocenter_mgr.cgi. An attacker can exploit this issue by manipulating the user argument to trigger a buffer overflow, potentially leading to remote code execution. This vulnerability has been disclosed to the public and poses a significant risk. Notably, only unsupported products are affected, as the vendor has confirmed that these devices are end-of-life and should be retired and replaced.