CVE-2024-7830 Information

Description

UNSUPPORTED WHEN ASSIGNED A vulnerability which was classified as critical was found in D-Link DNS-120 DNR-202L DNS-315L DNS-320 DNS-320L DNS-320LW DNS-321 DNR-322L DNS-323 DNS-325 DNS-326 DNS-327L DNR-326 DNS-340L DNS-343 DNS-345 DNS-726-4 DNS-1100-4 DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Reference

https://vuldb.com/?id.274728 https://vuldb.com/?ctiid.274728 https://vuldb.com/?submit.390118 https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_move_photo.md