CVE-2024-44674

Name of the Vulnerable Software and Affected Versions D-Link COVR-2600R version FW101b05

Description The issue is related to a Buffer Overflow vulnerability. In the function sub 24E28, the HTTP REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. This vulnerability can be exploited via the HTTP REFERER field.

Recommendations For D-Link COVR-2600R version FW101b05, as a temporary workaround, consider restricting access to the sub 24E28 function until a patch is available. Avoid using the HTTP REFERER field in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.