CVE-2024-36832

HIGH EPSS 30.7%
Published Dec 17, 20241y ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Dec 17, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.

CVSS Details

Base Score
7.5
Exploitability
1.6
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
30.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 2

VendorProductVersionRange
dlinkdap-1513_firmware1.01any
dlinkdap-1513*any

References 4

  • docs.google.com https://docs.google.com/document/d/1qTpwAg7B5E4mqkBzijjuoOWWnf3OE1HXIKBv7OcS8Mc/edit?usp=sharing
    Permissions Required
  • supportannouncement.us.dlink.com https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10396
    Vendor Advisory
  • dlink.com https://www.dlink.com/en
    Product
  • dlink.com https://www.dlink.com/en/security-bulletin/
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.