Cyber Resilience

CVE-2024-57376

High

Published: 28 January 2025

Published
28 January 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5377 98.0th percentile
Risk Priority 50 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57376 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Dsr-150 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A buffer overflow vulnerability tracked as CVE-2024-57376 affects D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N devices running firmware versions 3.13 through 3.17B901C. The flaw, assigned CWE-120, carries a CVSS 3.1 score of 8.8 and stems from improper bounds checking that permits memory corruption.

Unauthenticated attackers with network adjacency can trigger the overflow without credentials or user interaction, enabling remote code execution that compromises confidentiality, integrity, and availability on the affected router. The attack vector requires only local network access and low attack complexity.

D-Link has published a security bulletin at https://www.dlink.com/en/security-bulletin/ that addresses the affected models. The current EPSS score of 0.5377, with a recorded peak of 0.5944, indicates moderate and sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow enables unauthenticated RCE on exposed router services/interfaces (adjacent network).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-60553Same vendor: Dlink
CVE-2025-46108Same vendor: Dlink
CVE-2025-50670Same vendor: Dlink
CVE-2025-60554Same vendor: Dlink
CVE-2025-52222Same vendor: Dlink
CVE-2025-45058Same vendor: Dlink
CVE-2025-50650Same vendor: Dlink
CVE-2025-60548Same vendor: Dlink
CVE-2025-13304Same vendor: Dlink
CVE-2025-15193Same vendor: Dlink

Affected Assets

dlink
dsr-150 firmware
3.13 — 3.17B901C
dlink
dsr-150n firmware
3.13 — 3.17B901C
dlink
dsr-250 firmware
3.13 — 3.17B901C
dlink
dsr-250n firmware
3.13 — 3.17B901C
dlink
dsr-500 firmware
3.13 — 3.17B901C
dlink
dsr-1000n firmware
3.13 — 3.17b901c

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of the buffer overflow flaw via timely firmware updates for affected D-Link routers.

prevent

Mandates validation of information inputs to the router to prevent buffer overflows exploited by unauthenticated remote attackers.

prevent

Provides memory protections like non-executable memory regions to mitigate unauthorized code execution resulting from the buffer overflow.

References