CRITICAL🇵🇱 Wersja polska

CVE-2024-45694

CVSS 9.8v3.1pub. 2024-09-16upd. 2024-09-17

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

🤖 AI Analysis
How it works

The vulnerability results from a stack-based buffer overflow error (CWE-121) in the device's web service. An attacker can send a specially crafted network request that causes a stack buffer overflow, overwriting program control data. No authentication or user interaction is required, and the attack can be conducted remotely over the network.

Impact

An attacker can gain full control of the device by executing arbitrary code (RCE), which can lead to violations of confidentiality, integrity, and availability of data and network resources managed by the router.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html). Until firmware is updated, consider restricting access to the device's web interface exclusively to trusted IP addresses or local networks.

Who is affected

D-Link DIR-X5460 routers — versions indicated in the manufacturer's references (TWCERT)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir X4860

    HW
    Dlink
    a1
  • Dlink Dir X4860 Firmware

    OS
    Dlink
    1.001.04
  • Dlink Dir X5460

    HW
    Dlink
    a1
  • Dlink Dir X5460 Firmware

    OS
    Dlink
    1.011.021.041.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-45695CRITICAL9.8PL ✓ten sam produkt

Stack-based Buffer Overflow w routerach D-Link DIR-X4860 umożliwiający RCE

CVE-2024-45697CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-X4860 — ukryta usługa telnet z zakodowanymi danymi logowania

CVE-2024-45698CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-X4860: command injection przez telnet z użyciem zakodowanych poświadczeń

CVE-2024-45696HIGH8.8ten sam produkt

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web...

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam vendor

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)