Cyber Resilience

CVE-2024-57440

High

Published: 20 March 2025

Modified: 20 January 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0049 (65.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57440 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in D-Link DSL-3788 firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 34.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-57440 is a stack-based buffer overflow vulnerability (CWE-121) in the D-Link DSL-3788 revA1 router running firmware version 1.01R1B036_EU_EN. The flaw occurs in the COMM_MAKECustomMsg function of the webproc CGI handler. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact with no effects on confidentiality or integrity.

An unauthenticated remote attacker with network access can exploit this vulnerability with low attack complexity and no user interaction. Exploitation triggers a buffer overflow, causing the affected CGI process to crash and resulting in a denial-of-service condition on the device.

D-Link has published security advisories addressing this issue, including support announcement SAP10418 available at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418 and the general security bulletin page at https://www.dlink.com/en/security-bulletin/. Additional technical details on discovery via fuzzing are provided in a related blog post at https://blog.sparrrgh.me/fuzzing/embedded/2025/01/26/fuzzing-embedded-systems-2.html. Security practitioners should consult these for patch availability and mitigation guidance.

Vulnerability details

D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote unauthenticated stack buffer overflow in the public-facing webproc CGI handler, directly enabling exploitation of a public-facing application to cause denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70223 (Same vendor: Dlink)
CVE-2025-70246 (Same vendor: Dlink)
CVE-2025-70232 (Same vendor: Dlink)
CVE-2025-70218 (Same vendor: Dlink)
CVE-2025-70220 (Same vendor: Dlink)
CVE-2025-70226 (Same vendor: Dlink)
CVE-2025-70219 (Same vendor: Dlink)
CVE-2025-70233 (Same vendor: Dlink)
CVE-2025-70225 (Same vendor: Dlink)
CVE-2025-70242 (Same vendor: Dlink)

Affected Assets

Vendor: dlink
Product: dsl-3788 firmware
Version: ≤ 1.01R1B037

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Requires validation of inputs to the COMM_MAKECustomMsg function in the webproc CGI to prevent stack-based buffer overflows from malformed or oversized data.

Prevent: Mandates timely flaw remediation through application of D-Link firmware patches addressing this specific buffer overflow vulnerability.

Prevent: Deploys memory protection mechanisms like stack canaries and non-executable memory to block successful stack-based buffer overflow exploitation.
