CVE-2024-57376

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-57376
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dlink.com/en/security-bulletin/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*
History

01 Jul 2025, 15:15

Type Values Removed Values Added
References () https://www.dlink.com/en/security-bulletin/ - () https://www.dlink.com/en/security-bulletin/ - Vendor Advisory
First Time Dlink dsr-500 Firmware
Dlink dsr-150 Firmware
Dlink dsr-250
Dlink dsr-250 Firmware
Dlink dsr-1000n
Dlink dsr-150
Dlink dsr-1000n Firmware
Dlink dsr-150n Firmware
Dlink dsr-150n
Dlink dsr-500
Dlink dsr-250n
Dlink
Dlink dsr-250n Firmware
CPE cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*

29 Jan 2025, 16:15

Type Values Removed Values Added
CWE CWE-120
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
Summary
  • (es) La vulnerabilidad de desbordamiento de búfer en D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N de 3.13 a 3.17B901C permite a usuarios no autenticados ejecutar código remoto.

28 Jan 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-28 22:15

Updated : 2025-07-01 15:15

NVD link : CVE-2024-57376

Mitre link : CVE-2024-57376

CVE.ORG link : CVE-2024-57376

JSON object : View

Products Affected

dlink

  • dsr-150n
  • dsr-1000n
  • dsr-250
  • dsr-500_firmware
  • dsr-1000n_firmware
  • dsr-250_firmware
  • dsr-150n_firmware
  • dsr-250n_firmware
  • dsr-150
  • dsr-250n
  • dsr-500
  • dsr-150_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')