cve-2024-7829
Vulnerability from cvelistv5
Published
2024-08-15 12:31
Modified
2024-08-15 16:01
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
References
cna@vuldb.comhttps://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.mdExploit
cna@vuldb.comhttps://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383Vendor Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.274727Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.274727Permissions Required, Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.390117Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
D-Link DNR-202L Version: 20240814
D-Link DNS-315L Version: 20240814
D-Link DNS-320 Version: 20240814
D-Link DNS-320L Version: 20240814
D-Link DNS-320LW Version: 20240814
D-Link DNS-321 Version: 20240814
D-Link DNR-322L Version: 20240814
D-Link DNS-323 Version: 20240814
D-Link DNS-325 Version: 20240814
D-Link DNS-326 Version: 20240814
D-Link DNS-327L Version: 20240814
D-Link DNR-326 Version: 20240814
D-Link DNS-340L Version: 20240814
D-Link DNS-343 Version: 20240814
D-Link DNS-345 Version: 20240814
D-Link DNS-726-4 Version: 20240814
D-Link DNS-1100-4 Version: 20240814
D-Link DNS-1200-05 Version: 20240814
D-Link DNS-1550-04 Version: 20240814
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dns-120",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "20240814"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7829",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T13:48:17.210667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T13:51:06.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20240814"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BuaaI0TTeam (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240814 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion cgi_del_photo der Datei /cgi-bin/photocenter_mgr.cgi. Mit der Manipulation des Arguments current_path mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-15T16:01:13.603Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-274727 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.274727"
        },
        {
          "name": "VDB-274727 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.274727"
        },
        {
          "name": "Submit #390117 | D-Link DNS 320/320L/321/323/325/327L Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.390117"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-15T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-15T18:05:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7829",
    "datePublished": "2024-08-15T12:31:05.244Z",
    "dateReserved": "2024-08-15T05:27:23.404Z",
    "dateUpdated": "2024-08-15T16:01:13.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C44BE2C6-BF3E-43C3-B32F-2DCE756F94BC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E161E54-2FE9-4359-9B2D-8700D00DE8E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96195649-172A-4C21-AA15-7B05F86C5CEC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07A92F2C-16FD-4A53-8066-83FEC2818DF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8CFCD7B-EFFB-4FAB-9537-46AC7B567126\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03C5CED7-55A7-4026-95CD-A2ADB5853823\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4452F9A4-3A0A-4773-9818-04C94CF9F8E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4599D769-0210-4D49-9896-9AD1376A037E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C677E53-6885-4EC4-A7CC-E24E8F445F59\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FE78C5B-2A98-47EE-BF67-CF58AFE50A37\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45467ABC-BAA9-4EB0-9F97-92E31854CA8B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC28053F-88A9-4CA1-A2A2-CC90FEEA68FC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A278BC9-6197-43D9-93C2-3DF760856FB7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD3AD5EE-8E1E-4336-A1AB-AB028CC71286\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DAF62A4-2429-4B89-8FAD-8B23EF15E050\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"641CB5F1-3DE0-480B-95A4-FC42A8FF3C97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94ED678A-AB4C-4637-B0D8-C232A0BB5D5F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16954393-3449-438A-978C-265EE3A35FF8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8042169D-D9FA-4BD6-90D1-E0DE269E42B9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5E6F048-D865-4378-87C7-B0E528134276\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D26F4F77-A6E3-4D7D-A781-BEB5FF7BC44F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"172D5EFF-E0DF-4A99-8499-71450A46A86C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB305B29-7F89-4A52-9ECF-3DB0BDD2350D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"816E5F34-CE76-49E5-91F3-8CC84C561558\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33CB308B-CF82-4E40-B2DC-23EBD48CD130\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39FF9666-8493-4A36-A199-1190AD8FAF3D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0646B20C-5642-4CEA-A96C-7E82AD94A281\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD656642-EDD4-4EB2-81AB-04207BC14196\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F968791D-D3BD-442C-818E-4E878B12776D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12C5E2D7-018E-4ED1-92C7-B5B1D8CC6990\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7E56821-7EA0-4CA1-BA17-7FD4ED9F794C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A74D270-9076-474D-A06F-C915FCEA2164\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75E5010F-21BA-4B6B-B00C-2688268FD67B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CAFE1E3-B705-4CF1-AEB9-A474432B6D34\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5D08ED7-3E7F-4D30-890E-6535F6C34682\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42DA6DEB-3578-44A5-916F-1628141F0DDE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D042C75D-6731-46B2-B11E-A009B9029B3F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C1EF70-AD9B-48D7-8DF6-A6416C517F12\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E691E775-382C-4BA9-AA44-FBC3148D3E54\"}]}]}]",
      "cveTags": "[{\"sourceIdentifier\": \"cna@vuldb.com\", \"tags\": [\"unsupported-when-assigned\"]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.\"}, {\"lang\": \"es\", \"value\": \"** NO SOPORTADO CUANDO SE ASIGN\\u00d3 ** Se encontr\\u00f3 una vulnerabilidad clasificada como cr\\u00edtica en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321 , DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS -1200-05 y DNS-1550-04 hasta 20240814. Este problema afecta la funci\\u00f3n cgi_del_photo del archivo /cgi-bin/photocenter_mgr.cgi. La manipulaci\\u00f3n del argumento current_path provoca un desbordamiento de b\\u00fafer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\\u00fablico y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\\u00f3 al proveedor tempranamente y se confirm\\u00f3 que el producto ha llegado al final de su vida \\u00fatil. Deber\\u00eda retirarse y reemplazarse.\"}]",
      "id": "CVE-2024-7829",
      "lastModified": "2024-08-19T18:34:00.040",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2024-08-15T13:15:14.107",
      "references": "[{\"url\": \"https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.274727\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.274727\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?submit.390117\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7829\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-08-15T13:15:14.107\",\"lastModified\":\"2024-08-19T18:34:00.040\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[{\"sourceIdentifier\":\"cna@vuldb.com\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.\"},{\"lang\":\"es\",\"value\":\"** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321 , DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS -1200-05 y DNS-1550-04 hasta 20240814. Este problema afecta la funci\u00f3n cgi_del_photo del archivo /cgi-bin/photocenter_mgr.cgi. La manipulaci\u00f3n del argumento current_path provoca un desbordamiento de b\u00fafer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 al proveedor tempranamente y se confirm\u00f3 que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C44BE2C6-BF3E-43C3-B32F-2DCE756F94BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E161E54-2FE9-4359-9B2D-8700D00DE8E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96195649-172A-4C21-AA15-7B05F86C5CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07A92F2C-16FD-4A53-8066-83FEC2818DF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8CFCD7B-EFFB-4FAB-9537-46AC7B567126\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C5CED7-55A7-4026-95CD-A2ADB5853823\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4452F9A4-3A0A-4773-9818-04C94CF9F8E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F5355E-F68D-49FE-9793-1FD9BD9AF3E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4599D769-0210-4D49-9896-9AD1376A037E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C677E53-6885-4EC4-A7CC-E24E8F445F59\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FE78C5B-2A98-47EE-BF67-CF58AFE50A37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45467ABC-BAA9-4EB0-9F97-92E31854CA8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC28053F-88A9-4CA1-A2A2-CC90FEEA68FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A278BC9-6197-43D9-93C2-3DF760856FB7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3AD5EE-8E1E-4336-A1AB-AB028CC71286\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAF62A4-2429-4B89-8FAD-8B23EF15E050\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641CB5F1-3DE0-480B-95A4-FC42A8FF3C97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94ED678A-AB4C-4637-B0D8-C232A0BB5D5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16954393-3449-438A-978C-265EE3A35FF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8042169D-D9FA-4BD6-90D1-E0DE269E42B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E6F048-D865-4378-87C7-B0E528134276\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F4F77-A6E3-4D7D-A781-BEB5FF7BC44F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172D5EFF-E0DF-4A99-8499-71450A46A86C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB305B29-7F89-4A52-9ECF-3DB0BDD2350D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"816E5F34-CE76-49E5-91F3-8CC84C561558\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33CB308B-CF82-4E40-B2DC-23EBD48CD130\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FF9666-8493-4A36-A199-1190AD8FAF3D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0646B20C-5642-4CEA-A96C-7E82AD94A281\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD656642-EDD4-4EB2-81AB-04207BC14196\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F968791D-D3BD-442C-818E-4E878B12776D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12C5E2D7-018E-4ED1-92C7-B5B1D8CC6990\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7E56821-7EA0-4CA1-BA17-7FD4ED9F794C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A74D270-9076-474D-A06F-C915FCEA2164\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75E5010F-21BA-4B6B-B00C-2688268FD67B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CAFE1E3-B705-4CF1-AEB9-A474432B6D34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D08ED7-3E7F-4D30-890E-6535F6C34682\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42DA6DEB-3578-44A5-916F-1628141F0DDE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D042C75D-6731-46B2-B11E-A009B9029B3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C1EF70-AD9B-48D7-8DF6-A6416C517F12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E691E775-382C-4BA9-AA44-FBC3148D3E54\"}]}]}],\"references\":[{\"url\":\"https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.274727\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.274727\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.390117\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7829\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-15T13:48:17.210667Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*\"], \"vendor\": \"dlink\", \"product\": \"dns-120\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-15T13:50:55.751Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"BuaaI0TTeam (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 9, \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\"}}], \"affected\": [{\"vendor\": \"D-Link\", \"product\": \"DNS-120\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-202L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-315L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-320LW\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-321\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-322L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-323\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-325\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-326\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-327L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNR-326\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-340L\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-343\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-345\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-726-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1100-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1200-05\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}, {\"vendor\": \"D-Link\", \"product\": \"DNS-1550-04\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240814\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-15T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2024-08-15T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2024-08-15T18:05:42.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.274727\", \"name\": \"VDB-274727 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.274727\", \"name\": \"VDB-274727 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.390117\", \"name\": \"Submit #390117 | D-Link DNS 320/320L/321/323/325/327L Buffer Overflow\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md\", \"tags\": [\"exploit\"]}, {\"url\": \"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383\", \"tags\": [\"related\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240814 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion cgi_del_photo der Datei /cgi-bin/photocenter_mgr.cgi. Mit der Manipulation des Arguments current_path mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk passieren. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2024-08-15T16:01:13.603Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7829\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-15T16:01:13.603Z\", \"dateReserved\": \"2024-08-15T05:27:23.404Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2024-08-15T12:31:05.244Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.