Cyber Resilience

CVE-2024-44674

MediumPublic PoC

Published: 07 October 2024

Published
07 October 2024
Modified
21 May 2025
KEV Added
Patch
CVSS Score v3.1 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0620 91.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44674 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dlink Covr-2600R Firmware. Its CVSS base score is 5.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link COVR-2600R firmware version FW101b05 contains a stack-based buffer overflow vulnerability (CWE-121) in the sub_24E28 function. The routine retrieves the HTTP_REFERER value from an environment variable and copies it into a destination buffer without adequate bounds checking, allowing an attacker-controlled source string to overflow the target.

An attacker with adjacent-network access and a low-privileged account can supply a crafted HTTP_REFERER value to trigger the overflow. Successful exploitation yields high-integrity impact, enabling modification of device behavior or execution of arbitrary code on the affected router while requiring no user interaction.

D-Link has published a security advisory covering the COVR series at https://www.dlink.com/en/security-bulletin/; the linked technical note at https://github.com/REYu6/iot/blob/21e59c0cf491a9663423c515370c4fcb43436ae0/CVE/dlink/Covr-3902/2600R.md provides additional reproduction details. The EPSS score has remained flat at 0.0620 since disclosure.

EU & UK References

Vulnerability details

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the web interface via controllable HTTP_REFERER enables exploitation of a public-facing application on the D-Link router for potential remote code execution.

Affected Assets

dlink
covr-2600r firmware
1.01b05

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References