CVE-2024-36831

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36831
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing Permissions Required
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395 Vendor Advisory
https://www.dlink.com/en Product
https://www.dlink.com/en/security-bulletin/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dap-1520_firmware:1.10b04:beta02:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1520:-:*:*:*:*:*:*:*
History

21 May 2025, 15:21

Type Values Removed Values Added
Summary
  • (es) Una desreferencia de puntero NULL en plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX permite a los atacantes provocar una denegación de servicio (DoS) a través de una solicitud HTTP manipulada sin autenticación.
First Time Dlink
Dlink dap-1520
Dlink dap-1520 Firmware
CPE cpe:2.3:h:dlink:dap-1520:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1520_firmware:1.10b04:beta02:*:*:*:*:*:*
References () https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing - () https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing - Permissions Required
References () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395 - () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395 - Vendor Advisory
References () https://www.dlink.com/en - () https://www.dlink.com/en - Product
References () https://www.dlink.com/en/security-bulletin/ - () https://www.dlink.com/en/security-bulletin/ - Product

17 Dec 2024, 16:15

Type Values Removed Values Added
CWE CWE-476
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

17 Dec 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-17 15:15

Updated : 2025-05-21 15:21

NVD link : CVE-2024-36831

Mitre link : CVE-2024-36831

CVE.ORG link : CVE-2024-36831

JSON object : View

Products Affected

dlink

  • dap-1520
  • dap-1520_firmware
CWE
CWE-476

NULL Pointer Dereference