PT-2024-9740 · D Link · D-Link Dcs-932L

Chuanqin · Published 2024-05-29 · Updated 2024-12-17 · CVE-2024-37606

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DCS-932L version REVB FIRMWARE 2.18.01

Description

A stack overflow vulnerability in the D-Link DCS-932L allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The vulnerability is related to the /bin/alphapd file and is triggered by a buffer overflow when the AUTHORIZATION field in the HTTP request header is processed. A remote attacker can exploit it by sending specially crafted HTTP requests.

Recommendations

For D-Link DCS-932L version REVB FIRMWARE 2.18.01, consider disabling the vulnerable function or restricting access to the /bin/alphapd file until a patch is available. Avoid using the AUTHORIZATION field in HTTP requests to the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-11476
CVE-2024-37606

Affected Products

D-Link Dcs-932L