CVE-2024-7831 Information

Description

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-120 DNR-202L DNS-315L DNS-320 DNS-320L DNS-320LW DNS-321 DNR-322L DNS-323 DNS-325 DNS-326 DNS-327L DNR-326 DNS-340L DNS-343 DNS-345 DNS-726-4 DNS-1100-4 DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Reference

https://vuldb.com/?id.274729 https://vuldb.com/?ctiid.274729 https://vuldb.com/?submit.390119 https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_cooliris.md