Buffer Overflow Vulnerability in D-Link DSR Series Routers
CVE-2024-57376

8.8HIGH

Key Information:

Vendor
D-Link
Status
DSR Series Routers
Vendor
CVE Published:
28 January 2025

What is CVE-2024-57376?

CVE-2024-57376 is a buffer overflow vulnerability found in various D-Link DSR series routers, including models DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N. This issue arises in specific firmware versions ranging from 3.13 to 3.17B901C. It is particularly dangerous because it allows unauthenticated users to execute remote code, which can lead to significant operational disruptions and security breaches within an organization's network infrastructure. By exploiting this vulnerability, attackers could potentially gain unauthorized control over the router, impacting both network performance and data integrity.

Technical Details

CVE-2024-57376 is characterized by inadequate memory management within the affected D-Link router models. The buffer overflow allows attackers to send specially crafted inputs that overflow the memory buffer, thus enabling the execution of arbitrary code. The lack of authentication checks means that malicious actors do not need prior credentials or access to exploit the vulnerability, potentially making it a widespread threat for unprotected devices.

Potential impact of CVE-2024-57376

  1. Remote Code Execution: The primary risk associated with this vulnerability is the capability for attackers to execute remote code. This could lead to unauthorized access to sensitive systems, enabling cybercriminals to carry out further malicious activities.

  2. Network Compromise: Successful exploitation may result in the compromise of the entire network hosted behind the affected router. This can manifest as data breaches, unauthorized surveillance, and manipulation of network traffic.

  3. Operational Disruption: Organizations may experience significant downtime and disruption to their operations if their network infrastructure is compromised. This could also lead to loss of customer trust and potential financial repercussions due to the recovery efforts needed to address the breach.

References

https://www.dlink.com/en/security-bulletin/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.