Buffer Overflow Vulnerability in D-Link Network Attached Storage Products
CVE-2024-7849

Currently unrated

Key Information:

Vendor: D-Link
Vendor: CVE Published:; 16 August 2024

What is CVE-2024-7849?

A significant buffer overflow vulnerability has been identified in various D-Link Network Attached Storage (NAS) products, specifically within the cgi_create_album function of photocenter_mgr.cgi. This vulnerability arises from improper handling of the current_path argument, which could allow an attacker to execute arbitrary code remotely. This issue affects several NAS models that are no longer supported by the vendor, indicating a critical concern for users still operating these devices. It is highly recommended to phase out these devices and transition to supported alternatives to mitigate potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.274755

https://vuldb.com/?ctiid.274755

https://vuldb.com/?submit.390113

Timeline

Vulnerability published
Aug 16, 2024

JSON

D-Link

What is CVE-2024-7849?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.