Cyber Posture

CVE-2024-57376

Severity: High

Published: 28 January 2025
Modified: 01 July 2025
KEV Added: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5186 (97.9th percentile)
Risk Priority: 49 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57376 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in the firmware of D-Link DSR-series routers (DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N and DSR-1000N, firmware 3.13 through 3.17B901C). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 2.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog. Note that the CVSS vector is AV:A (adjacent network): the attacker must be able to reach the vulnerable router interface from its network segment, so the "public-facing" framing applies to the extent that interface is exposed beyond the local segment.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires identification, reporting, and correction of the buffer overflow flaw via timely firmware updates for affected D-Link routers. This is the only control that removes the flaw itself.

SI-10 Information Input Validation (prevent)

Mandates validation of information inputs to the router (length, format and character set) so that over-long or malformed input is rejected before it can overflow a fixed-size buffer; because the flaw is reachable by unauthenticated remote attackers, this check has to happen before any authentication step.

SI-16 Memory Protection (prevent)

Provides memory protections such as non-executable memory regions to mitigate unauthorized code execution resulting from the buffer overflow. This limits what a successful overflow can achieve; it does not prevent the overflow or the denial of service it can cause.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The buffer overflow gives an unauthenticated attacker remote code execution on an exposed router service or interface. The CVSS vector is AV:A, so the attacker must be on an adjacent network; T1190 applies where that interface is reachable from outside the local segment.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to achieve remote code execution.

Deeper analysis

CVE-2024-57376 is a buffer overflow vulnerability (CWE-120) present in D-Link routers, specifically the DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N models running firmware versions from 3.13 to 3.17B901C. The flaw allows unauthenticated users to achieve remote code execution.

The vulnerability can be exploited by unauthenticated attackers on an adjacent network (AV:A) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing scope (S:U). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 8.8.
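As an added illustration (not the DSR firmware's code, and not a reproduction of CVE-2024-57376, whose vulnerable routine this page does not identify), the C below places the CWE-120 pattern the analysis describes beside the SI-10-style input check that prevents it. The request format, the `hostname=` field, the `NAME_MAX` field size and every function name are hypothetical, and the sample requests are constructed rather than captured. The overflow is made observable by putting the fixed-size field at the start of a larger buffer whose trailing bytes stand in for whatever a real handler keeps next to it, so the demonstration stays within defined behaviour.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request format and field: a key=value line such as
 * "hostname=dsr-lab-01&tz=UTC" handled before any authentication.
 * Neither the field name nor the field size comes from the DSR firmware. */
#define FIELD    "hostname="
#define NAME_MAX 32

/* Vulnerable shape (CWE-120): the value after "hostname=" is copied with no
 * bound into a NAME_MAX-byte field, so any longer value runs past the field
 * into whatever the handler keeps next to it (saved return address, flags,
 * other fields). */
void set_hostname_unchecked(char *name_field, const char *request)
{
    const char *value = strstr(request, FIELD);
    if (value == NULL)
        return;
    value += strlen(FIELD);
    strcpy(name_field, value);   /* no length check: this is the bug shape */
}

/* Hardened shape (SI-10 input validation): the length is checked against the
 * destination before any byte is written, the character set is restricted to
 * what a hostname may contain, and the copy is bounded.
 * Returns 0 on success, -1 field missing, -2 empty or too long, -3 bad char. */
int set_hostname_checked(char *name_field, size_t field_size, const char *request)
{
    const char *value = strstr(request, FIELD);
    if (value == NULL)
        return -1;
    value += strlen(FIELD);

    size_t len = strcspn(value, "&\r\n");   /* value ends at next field or EOL */
    if (len == 0 || len >= field_size)       /* must fit together with the NUL */
        return -2;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return -3;
    }
    memcpy(name_field, value, len);
    name_field[len] = '\0';
    return 0;
}

/* Harness: the NAME_MAX-byte field is the start of a larger buffer whose
 * remaining bytes hold a guard pattern. Returns 1 if the unchecked copy
 * wrote past the field, 0 if it stayed inside, -1 if the request is too
 * long for the harness buffer itself (kept in bounds on purpose). */
int unchecked_copy_overruns_field(const char *request)
{
    unsigned char region[NAME_MAX + 96];
    if (strlen(request) + 1 > sizeof region)
        return -1;
    memset(region, 0xAA, sizeof region);
    set_hostname_unchecked((char *)region, request);
    for (size_t i = NAME_MAX; i < sizeof region; i++)
        if (region[i] != 0xAA)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const char *ok = "hostname=dsr-lab-01&tz=UTC";
    const char *too_long =                       /* 40-byte value */
        "hostname=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&tz=UTC";
    char name[NAME_MAX];

    printf("unchecked, normal value overruns field: %d\n",
           unchecked_copy_overruns_field(ok));
    printf("unchecked, 40-byte value overruns field: %d\n",
           unchecked_copy_overruns_field(too_long));
    printf("checked, normal value: %d (%s)\n",
           set_hostname_checked(name, sizeof name, ok), name);
    printf("checked, 40-byte value: %d\n",
           set_hostname_checked(name, sizeof name, too_long));
    printf("checked, shell metacharacter: %d\n",
           set_hostname_checked(name, sizeof name, "hostname=a;reboot"));
    return 0;
}
```

The point of the harness is that the unchecked copy silently overwrites the guard bytes on the over-long request while the checked version refuses it before writing anything; the character-set restriction is the part of SI-10 that also closes off injection into whatever later consumes the value, which a bare length check does not.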

D-Link has published a security bulletin with further details at https://www.dlink.com/en/security-bulletin/.

Details

CWE(s)

CWE-120 Classic Buffer Overflow

Affected Products

D-Link DSR-150 firmware: 3.13 through 3.17B901C
D-Link DSR-150N firmware: 3.13 through 3.17B901C
D-Link DSR-250 firmware: 3.13 through 3.17B901C
D-Link DSR-250N firmware: 3.13 through 3.17B901C
D-Link DSR-500 firmware: 3.13 through 3.17B901C
D-Link DSR-1000N firmware: 3.13 through 3.17B901C

Note: the product list above names the DSR-500, while the NVD description names the DSR-500N; confirm the exact model against the D-Link bulletin before closing a ticket as unaffected.

CVEs Like This One

CVE-2025-50670 (same vendor: D-Link)
CVE-2025-60554 (same vendor: D-Link)
CVE-2025-52222 (same vendor: D-Link)
CVE-2025-60553 (same vendor: D-Link)
CVE-2025-46108 (same vendor: D-Link)
CVE-2025-50650 (same vendor: D-Link)
CVE-2025-45058 (same vendor: D-Link)
CVE-2025-60548 (same vendor: D-Link)
CVE-2026-5982 (same vendor: D-Link)
CVE-2025-50672 (same vendor: D-Link)

References