CVE-2024-44674 — MEDIUM (5.7)

Vulnerability Description

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Dlink	Covr-2600R Firmware	1.01b05
Dlink	Covr-2600R	-

Related Weaknesses (CWE)

CWE-121

References

https://github.com/REYu6/iot/blob/21e59c0cf491a9663423c515370c4fcb43436ae0/CVE/dExploitThird Party Advisory
https://www.dlink.com/en/security-bulletin/Product

FAQ

What is CVE-2024-44674?

CVE-2024-44674 is a vulnerability with a CVSS score of 5.7 (MEDIUM). D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be ...

How severe is CVE-2024-44674?

CVE-2024-44674 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-44674?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Covr-2600R Firmware, Dlink Covr-2600R.