CVE-2024-42812

Name of the Vulnerable Software and Affected Versions D-Link DIR-860L version 2.03

Description The issue is related to a buffer overflow vulnerability in the gena.cgi file of the D-Link DIR-860L router's firmware. This vulnerability is caused by the lack of length verification for the SID field in gena.cgi, allowing an attacker to send a specially crafted POST request to exploit the vulnerability. Successful exploitation can cause the remote target device to crash or execute arbitrary commands.

Recommendations For D-Link DIR-860L version 2.03, consider disabling the gena.cgi file or restricting access to it until a patch is available. As a temporary workaround, avoid using the SID field in the gena.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.