Vulnerability Details CVE-2021-30072
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-30072
-
cpe:2.3:h:dlink:dir-878:ax
-
cpe:2.3:o:dlink:dir-878_firmware:-
-
cpe:2.3:o:dlink:dir-878_firmware:1.01b04
-
cpe:2.3:o:dlink:dir-878_firmware:1.02b04
-
cpe:2.3:o:dlink:dir-878_firmware:1.02b05
-
cpe:2.3:o:dlink:dir-878_firmware:1.10b05
-
cpe:2.3:o:dlink:dir-878_firmware:1.11b02
-
cpe:2.3:o:dlink:dir-878_firmware:1.12a1
-
cpe:2.3:o:dlink:dir-878_firmware:1.12b01
-
cpe:2.3:o:dlink:dir-878_firmware:1.20b03
-
cpe:2.3:o:dlink:dir-878_firmware:1.20b05
-
cpe:2.3:o:dlink:dir-878_firmware:1.30b08