Buffer Overflow Vulnerability in D-Link DIR-605L 2.13B01 BETA
CVE-2024-9549

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-605l Firmware
Vendor: CVE Published:; 6 October 2024

What is CVE-2024-9549?

The D-Link DIR-605L router is subject to a buffer overflow vulnerability originating from the function formEasySetupWizard/formEasySetupWizard2. This issue arises due to manipulation of the 'curTime' argument, allowing for potential remote exploitation. As the vulnerability has been publicly disclosed, attackers can exploit the affected versions, gaining unauthorized access and control over the router's functionalities. Users of the DIR-605L must apply necessary precautions and stay updated on security patches to mitigate the risks associated with this vulnerability.

References

https://vuldb.com/?id.279347

https://vuldb.com/?ctiid.279347

https://vuldb.com/?submit.413887

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2024