D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 21 May 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink covr-2600r
CPEs cpe:2.3:h:dlink:covr-2600r:-:*:*:*:*:*:*:*
Vendors & Products Dlink covr-2600r

Mon, 07 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink covr-2600r Firmware
Weaknesses CWE-121
CPEs cpe:2.3:o:dlink:covr-2600r_firmware:1.01b05:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink covr-2600r Firmware
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-07T19:37:51.915Z

Reserved: 2024-08-21T00:00:00

Link: CVE-2024-44674

cve-icon Vulnrichment

Updated: 2024-10-07T19:37:42.568Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-07T18:15:04.590

Modified: 2025-05-21T14:51:38.190

Link: CVE-2024-44674

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.