CVE-2024-9908

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMACFilter.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.280236 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.280236 Third Party Advisory VDB Entry
https://vuldb.com/?submit.418739 Third Party Advisory VDB Entry
https://www.dlink.com/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

History

16 Oct 2024, 15:31

Type Values Removed Values Added
CPE cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*
CVSS v2 : 5.2
v3 : 5.5
v2 : 5.2
v3 : 8.8
First Time Dlink dir-619l Firmware
Dlink
Dlink dir-619l
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMACFilter.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMACFilter.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.280236 - () https://vuldb.com/?ctiid.280236 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.280236 - () https://vuldb.com/?id.280236 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.418739 - () https://vuldb.com/?submit.418739 - Third Party Advisory, VDB Entry
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como crítica en D-Link DIR-619L B1 2.06. La función formSetMACFilter del archivo /goform/formSetMACFilter está afectada. La manipulación del argumento curTime provoca un desbordamiento del búfer. El exploit se ha hecho público y puede utilizarse.

13 Oct 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-13 12:15

Updated : 2024-10-16 15:31


NVD link : CVE-2024-9908

Mitre link : CVE-2024-9908

CVE.ORG link : CVE-2024-9908


JSON object : View

Products Affected

dlink

  • dir-619l_firmware
  • dir-619l
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')