CVE-2024-9785

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetDDNS.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.279937 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.279937 Third Party Advisory VDB Entry
https://vuldb.com/?submit.414553 Third Party Advisory VDB Entry
https://www.dlink.com/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

History

16 Oct 2024, 16:15

Type Values Removed Values Added
First Time Dlink dir-619l
Dlink dir-619l Firmware
Dlink
CPE cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetDDNS.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetDDNS.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.279937 - () https://vuldb.com/?ctiid.279937 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.279937 - () https://vuldb.com/?id.279937 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.414553 - () https://vuldb.com/?submit.414553 - Third Party Advisory, VDB Entry
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en D-Link DIR-619L B1 2.06. La función formSetDDNS del archivo /goform/formSetDDNS se ve afectada por esta vulnerabilidad. La manipulación del argumento curTime provoca un desbordamiento del búfer. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

10 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-10 13:15

Updated : 2024-10-16 16:15


NVD link : CVE-2024-9785

Mitre link : CVE-2024-9785

CVE.ORG link : CVE-2024-9785


JSON object : View

Products Affected

dlink

  • dir-619l
  • dir-619l_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')