Critical Buffer Overflow Vulnerability in D-Link DIR-605L Device

CVE-2024-11959

8.8HIGH

Key Information

Vendor: D-link
Status: Dir-605l
Vendor: CVE Published:; 28 November 2024

Summary

A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Version(s)

DIR-605L = 2.13B01

Refferences

https://vuldb.com/?id.286341

vdb-entrytechnical-description

https://vuldb.com/?ctiid.286341

signaturepermissions-required

https://vuldb.com/?submit.447484

third-party-advisory

https://github.com/offshore0315/loT-vulnerable/blob/main/...

https://supportannouncement.us.dlink.com/security/publica...

https://www.dlink.com/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Nov 28, 2024
Vulnerability published
Nov 28, 2024

Collectors

NVD DatabaseMitre Database

Credit

offshore0315 (VulDB User)

.