CVE-2024-57538

Name of the Vulnerable Software and Affected Versions Linksys E8450 version 1.2.00.360516

Description The issue is related to a buffer overflow vulnerability. The anonymous protect status field is copied to the stack without length verification, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is also associated with the sub 422eb8 function and the strncpy parameter, where the buffer is copied without checking the size of the input data.

Recommendations For Linksys E8450 version 1.2.00.360516, consider disabling the sub 422eb8 function or restricting the use of the anonymous protect status field until a patch is available. Avoid using the strncpy parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.