Buffer Overflow Vulnerability in D-Link DIR-605L Products
CVE-2024-9561

8.8HIGH

Key Information:

Vendor: D-link
Status: Dir-605l
Vendor: CVE Published:; 6 October 2024

Badges

👾 Exploit Exists

What is CVE-2024-9561?

A severe buffer overflow vulnerability exists in the D-Link DIR-605L router, specifically affecting the functions formSetWAN_Wizard51 and formSetWAN_Wizard52. This flaw arises from improper handling of the curTime argument, allowing attackers to exploit this vulnerability remotely. The implications of such an attack include unauthorized system access and potential manipulation of device settings. Given that the exploit has been publicly disclosed, it is crucial for users and administrators to update their devices and implement safeguards to prevent exploitation of this flaw. Comprehensive threat assessments and patch management should be prioritized to ensure network security.

Affected Version(s)

DIR-605L 2.13B01 BETA

References

https://vuldb.com/?id.279369

vdb-entrytechnical-description

https://vuldb.com/?ctiid.279369

signaturepermissions-required

https://vuldb.com/?submit.413920

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 6, 2024
Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Oct 6, 2024

Credit

wxhwxhwxh_tutu (VulDB User)

D-link

Badges

What is CVE-2024-9561?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit