CVE-2024-57376

HIGH

D-Link DSR-150/150N/250/250N/500/1000N 3.13-3.17B901C - Unauthenticated Remote Code Execution via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57376. PoCs published by DelspoN.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-57376, a pre-authentication remote code execution vulnerability in D-Link DSR-250 and DSR-250N devices. The exploit leverages a stack buffer overflow in the `duaCP.logout` function, triggered via the `extCpResult` parameter, to achieve arbitrary command execution.

Description

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

Exploits (1)

nomisec WORKING POC 1 stars

by DelspoN · poc

https://github.com/DelspoN/CVE-2024-57376

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-57376, a pre-authentication remote code execution vulnerability in D-Link DSR-250 and DSR-250N devices. The exploit leverages a stack buffer overflow in the `duaCP.logout` function, triggered via the `extCpResult` parameter, to achieve arbitrary command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: D-Link DSR-250 and DSR-250N (firmware versions affected by CVE-2024-57376)

No auth needed

Prerequisites: Network access to the target device · Target device must be running vulnerable firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 8.8

EPSS 0.0365

EPSS Percentile 88.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (6)

dlink/dsr-1000n_firmware 3.13 - 3.17b901c

dlink/dsr-150_firmware 3.13 - 3.17B901C

dlink/dsr-150n_firmware 3.13 - 3.17B901C

dlink/dsr-250_firmware 3.13 - 3.17B901C

dlink/dsr-250n_firmware 3.13 - 3.17B901C

dlink/dsr-500_firmware 3.13 - 3.17B901C

Published Jan 28, 2025

Tracked Since Feb 18, 2026