CVE-2024-45694

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45694
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dir-x5460_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-x5460:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dir-x4860_firmware:1.00:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x4860_firmware:1.04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-x4860:a1:*:*:*:*:*:*:*
History

17 Sep 2024, 18:40

Type Values Removed Values Added
CPE cpe:2.3:h:dlink:dir-x5460:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.04:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x4860_firmware:1.04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-x4860:a1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x4860_firmware:1.00:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-x5460_firmware:1.10:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html - () https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html - () https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html - Third Party Advisory
First Time Dlink
Dlink dir-x4860 Firmware
Dlink dir-x4860
Dlink dir-x5460
Dlink dir-x5460 Firmware

16 Sep 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) El servicio web de ciertos modelos de enrutadores inalámbricos D-Link contiene una vulnerabilidad de desbordamiento de búfer basada en pila, que permite a atacantes remotos no autenticados explotar esta vulnerabilidad para ejecutar código arbitrario en el dispositivo.

16 Sep 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-16 07:15

Updated : 2024-09-17 18:40

NVD link : CVE-2024-45694

Mitre link : CVE-2024-45694

CVE.ORG link : CVE-2024-45694

JSON object : View

Products Affected

dlink

  • dir-x5460
  • dir-x4860_firmware
  • dir-x5460_firmware
  • dir-x4860
CWE
CWE-121

Stack-based Buffer Overflow