CVE-2024-57440
Published: 20 March 2025
Summary
CVE-2024-57440 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in D-Link DSL-3788 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 34.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-57440 is a stack-based buffer overflow vulnerability (CWE-121) in the D-Link DSL-3788 revA1 router running firmware version 1.01R1B036_EU_EN. The flaw occurs in the COMM_MAKECustomMsg function of the webproc CGI handler. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact with no effects on confidentiality or integrity.
An unauthenticated remote attacker with network access can exploit this vulnerability with low attack complexity and no user interaction. Exploitation triggers a buffer overflow, causing the affected CGI process to crash and resulting in a denial-of-service condition on the device.
D-Link has published security advisories addressing this issue, including support announcement SAP10418 available at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418 and the general security bulletin page at https://www.dlink.com/en/security-bulletin/. Additional technical details on discovery via fuzzing are provided in a related blog post at https://blog.sparrrgh.me/fuzzing/embedded/2025/01/26/fuzzing-embedded-systems-2.html. Security practitioners should consult these for patch availability and mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7176
Vulnerability details
D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc CGI.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated stack buffer overflow in the public-facing webproc CGI handler, directly enabling exploitation of a public-facing application to cause denial of service.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires validation of inputs to the COMM_MAKECustomMsg function in the webproc CGI to prevent stack-based buffer overflows from malformed or oversized data.
Mandates timely flaw remediation through application of D-Link firmware patches addressing this specific buffer overflow vulnerability.
Deploys memory protection mechanisms like stack canaries and non-executable memory to block successful stack-based buffer overflow exploitation.