Description
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/REYu6/iot/blob/21e59c0cf491a9663423c515370c4fcb43436ae0/CVE/dlink/Covr-3902/2600R.md
Scores
CVSS v3
5.7
EPSS
0.0484
EPSS Percentile
89.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-121
Status
published
Products (1)
dlink/covr-2600r_firmware
1.01b05
Published
Oct 07, 2024
Tracked Since
Feb 18, 2026