ID

VAR-202408-1790


CVE

CVE-2024-42812


TITLE

Classic buffer overflow vulnerability in D-Link Systems, Inc. DIR-860L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-010180

DESCRIPTION

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. The DIR-860L firmware from D-Link Systems, Inc. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DIR-860L is a wireless router from China's D-Link Corporation. It supports Wi-Fi 5 and offers dual-band (2.4GHz and 5GHz) network connectivity with a maximum transfer speed of 1200Mbps. The device has a built-in antenna, one USB 3.0 port, and four Gigabit wired ports.

Trust: 2.16

sources: NVD: CVE-2024-42812 // JVNDB: JVNDB-2024-010180 // CNVD: CNVD-2025-18886

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18886

AFFECTED PRODUCTS

vendor: dlink, model: dir-860l, scope: eq, version: 2.0.3

Trust: 1.0

vendor: d link, model: dir-860l, scope: eq, version: dir-860l firmware 2.0.3

Trust: 0.8

vendor: d link, model: dir-860l, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-860l, scope: -, version: -

Trust: 0.8

vendor: youxun, model: technology dir-860l, scope: eq, version: 2.03

Trust: 0.6

sources: CNVD: CNVD-2025-18886 // JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42812
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42812
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-42812
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-18886
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18886
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-42812
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-42812
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18886 // JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812 // NVD: CVE-2024-42812

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

PATCH

title: Patch for D-Link Technology DIR-860L Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/721036

Trust: 0.6

sources: CNVD: CNVD-2025-18886

EXTERNAL IDS

db: NVD, id: CVE-2024-42812

Trust: 3.2

db: JVNDB, id: JVNDB-2024-010180

Trust: 0.8

db: CNVD, id: CNVD-2025-18886

Trust: 0.6

sources: CNVD: CNVD-2025-18886 // JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

REFERENCES

url: https://www.dlink.com/en/security-bulletin/

Trust: 2.4

url: https://gist.github.com/xiaocurry/574ed9c2b0d12cd0b45399116d82121c

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-42812

Trust: 0.8

sources: CNVD: CNVD-2025-18886 // JVNDB: JVNDB-2024-010180 // NVD: CVE-2024-42812

SOURCES

db: CNVD, id: CNVD-2025-18886
db: JVNDB, id: JVNDB-2024-010180
db: NVD, id: CVE-2024-42812

LAST UPDATE DATE

2025-08-21T23:39:03.385000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-18886, date: 2025-08-20T00:00:00
db: JVNDB, id: JVNDB-2024-010180, date: 2024-10-11T01:57:00
db: NVD, id: CVE-2024-42812, date: 2025-03-17T16:15:22.480

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-18886, date: 2025-08-19T00:00:00
db: JVNDB, id: JVNDB-2024-010180, date: 2024-10-11T00:00:00
db: NVD, id: CVE-2024-42812, date: 2024-08-19T20:15:07.070