Buffer Overflow Vulnerability in D-Link Network Attached Storage Products
CVE-2024-7849

Currently unrated

Key Information:

Vendor: D-Link
CVE Published: 16 August 2024

Summary

A significant buffer overflow vulnerability has been identified in various D-Link Network Attached Storage (NAS) products, specifically in the cgi_create_album function of photocenter_mgr.cgi. The vulnerability arises from improper handling of the current_path argument and could allow an attacker to execute arbitrary code remotely. The issue affects several NAS models that are no longer supported by the vendor, which makes it a critical concern for users still operating these devices. It is highly recommended to phase out these devices and transition to supported alternatives to mitigate the risks associated with this vulnerability.

Timeline

  • Vulnerability published