Cyber Posture

CVE-2024-57376

High

Published: 28 January 2025

Modified: 01 July 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5186 (97.9th percentile)
Risk Priority: 49 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Buffer overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to achieve remote code execution.

Security Summary

CVE-2024-57376 is a buffer overflow vulnerability (CWE-120) present in D-Link routers, specifically the DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N models running firmware versions from 3.13 to 3.17B901C. The flaw allows unauthenticated users to achieve remote code execution.

The vulnerability can be exploited by unauthenticated attackers on an adjacent network (AV:A) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing scope (S:U). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 8.8.

D-Link has published a security bulletin with further details at https://www.dlink.com/en/security-bulletin/.

Details

CWE(s)
CWE-120

Affected Products

dlink dsr-150 firmware: 3.13 to 3.17B901C
dlink dsr-150n firmware: 3.13 to 3.17B901C
dlink dsr-250 firmware: 3.13 to 3.17B901C
dlink dsr-250n firmware: 3.13 to 3.17B901C
dlink dsr-500 firmware: 3.13 to 3.17B901C
dlink dsr-1000n firmware: 3.13 to 3.17b901c
