CVE-2024-7829

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

CVSS v3 9.8 CRITICAL
CVSS v2.0 9.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md	Exploit
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	Vendor Advisory
https://vuldb.com/?ctiid.274727	Permissions Required VDB Entry
https://vuldb.com/?id.274727	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.390117	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*

History

19 Aug 2024, 18:34

Type	Values Removed	Values Added
CPE		cpe:2.3:h:dlink:dns-120:-:::::::* cpe:2.3:o:dlink:dns-345_firmware:-:::::::* cpe:2.3:o:dlink:dnr-326_firmware:-:::::::* cpe:2.3:h:dlink:dns-345:-:::::::* cpe:2.3:o:dlink:dns-120_firmware:-:::::::* cpe:2.3:o:dlink:dns-340l_firmware:-:::::::* cpe:2.3:h:dlink:dns-325:-:::::::* cpe:2.3:h:dlink:dnr-322l:-:::::::* cpe:2.3:o:dlink:dns-1200-05_firmware:-:::::::* cpe:2.3:o:dlink:dns-315l_firmware:-:::::::* cpe:2.3:h:dlink:dns-1550-04:-:::::::* cpe:2.3:h:dlink:dnr-326:-:::::::* cpe:2.3:o:dlink:dns-726-4_firmware:-:::::::* cpe:2.3:h:dlink:dns-343:-:::::::* cpe:2.3:o:dlink:dns-1100-4_firmware:-:::::::* cpe:2.3:o:dlink:dns-1550-04_firmware:-:::::::* cpe:2.3:h:dlink:dns-726-4:-:::::::* cpe:2.3:h:dlink:dns-315l:-:::::::* cpe:2.3:h:dlink:dns-320lw:-:::::::* cpe:2.3:o:dlink:dns-321_firmware:-:::::::* cpe:2.3:h:dlink:dnr-202l:-:::::::* cpe:2.3:o:dlink:dnr-202l_firmware:-:::::::* cpe:2.3:o:dlink:dns-327l_firmware:-:::::::* cpe:2.3:o:dlink:dnr-322l_firmware:-:::::::* cpe:2.3:h:dlink:dns-1100-4:-:::::::* cpe:2.3:h:dlink:dns-327l:-:::::::* cpe:2.3:o:dlink:dns-320lw_firmware:-:::::::* cpe:2.3:h:dlink:dns-320:-:::::::* cpe:2.3:h:dlink:dns-1200-05:-:::::::* cpe:2.3:o:dlink:dns-323_firmware:-:::::::* cpe:2.3:h:dlink:dns-323:-:::::::* cpe:2.3:o:dlink:dns-320l_firmware:-:::::::* cpe:2.3:h:dlink:dns-326:-:::::::* cpe:2.3:h:dlink:dns-340l:-:::::::* cpe:2.3:h:dlink:dns-321:-:::::::* cpe:2.3:o:dlink:dns-343_firmware:-:::::::* cpe:2.3:h:dlink:dns-320l:-:::::::* cpe:2.3:o:dlink:dns-320_firmware:-:::::::* cpe:2.3:o:dlink:dns-326_firmware:-:::::::* cpe:2.3:o:dlink:dns-325_firmware:-:::::::*
First Time		Dlink dns-325 Dlink dns-345 Dlink dns-327l Dlink dns-1100-4 Dlink dns-343 Firmware Dlink dns-1550-04 Dlink dns-320lw Firmware Dlink dns-320lw Dlink dnr-202l Firmware Dlink dns-120 Firmware Dlink dns-320 Dlink dns-315l Firmware Dlink dns-321 Dlink dnr-202l Dlink dns-1100-4 Firmware Dlink dns-315l Dlink dns-327l Firmware Dlink dnr-322l Dlink dns-323 Dlink dns-1550-04 Firmware Dlink dns-343 Dlink dnr-326 Dlink dns-326 Firmware Dlink dns-320l Dlink dns-340l Dlink dns-320l Firmware Dlink dns-726-4 Dlink dns-120 Dlink dns-320 Firmware Dlink dns-323 Firmware Dlink dns-340l Firmware Dlink dns-1200-05 Dlink dns-345 Firmware Dlink dns-321 Firmware Dlink Dlink dnr-326 Firmware Dlink dns-325 Firmware Dlink dns-1200-05 Firmware Dlink dns-726-4 Firmware Dlink dnr-322l Firmware Dlink dns-326
Summary		(es) NO SOPORTADO CUANDO SE ASIGNÓ Se encontró una vulnerabilidad clasificada como crítica en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321 , DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS -1200-05 y DNS-1550-04 hasta 20240814. Este problema afecta la función cgi_del_photo del archivo /cgi-bin/photocenter_mgr.cgi. La manipulación del argumento current_path provoca un desbordamiento de búfer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contactó al proveedor tempranamente y se confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
References	~~() https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md -~~	() https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md - Exploit
References	~~() https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 -~~	() https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 - Vendor Advisory
References	~~() https://vuldb.com/?ctiid.274727 -~~	() https://vuldb.com/?ctiid.274727 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274727 -~~	() https://vuldb.com/?id.274727 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.390117 -~~	() https://vuldb.com/?submit.390117 - Third Party Advisory, VDB Entry
CVSS	v2 : ~~9.0~~ v3 : ~~8.8~~	v2 : 9.0 v3 : 9.8

15 Aug 2024, 16:15

Type	Values Removed	Values Added
References		() https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 -

15 Aug 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-15 13:15

Updated : 2024-08-19 18:34

NVD link : CVE-2024-7829

Mitre link : CVE-2024-7829

CVE.ORG link : CVE-2024-7829

JSON object : View

Products Affected

dlink

dns-325_firmware
dnr-202l
dns-343_firmware
dns-320_firmware
dns-345
dns-1100-4
dns-321_firmware
dns-340l_firmware
dns-1100-4_firmware
dns-323_firmware
dns-326_firmware
dns-327l
dns-326
dns-320l_firmware
dns-315l
dns-726-4_firmware
dns-321
dnr-326_firmware
dnr-322l_firmware
dns-345_firmware
dns-1200-05_firmware
dns-325
dns-320lw_firmware
dns-726-4
dns-320lw
dns-340l
dns-1200-05
dns-1550-04_firmware
dns-1550-04
dnr-326
dns-343
dnr-322l
dns-120_firmware
dns-315l_firmware
dns-327l_firmware
dns-120
dns-320l
dns-323
dnr-202l_firmware
dns-320

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

9.8 /10