CVE-2024-25331

CRITICAL

D-Link DIR-822 Rev. B Firmware - HNAP Buffer Overflow Remote Code Execution

Title source: manual

Description

DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.

References (2)

Core 2

Core References

Various Sources

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10372

Various Sources

https://www.ensigninfosecurity.com/advisories/vulnerability-advisories/2

Scores

CVSS v3 9.3

EPSS 0.0033

EPSS Percentile 25.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Published Mar 12, 2024

Tracked Since Feb 18, 2026