CVE-2024-9911

A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPortTr.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.280239 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.280239 Third Party Advisory VDB Entry
https://vuldb.com/?submit.418742 Third Party Advisory VDB Entry
https://www.dlink.com/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

History

16 Oct 2024, 15:32

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPortTr.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPortTr.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.280239 - () https://vuldb.com/?ctiid.280239 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.280239 - () https://vuldb.com/?id.280239 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.418742 - () https://vuldb.com/?submit.418742 - Third Party Advisory, VDB Entry
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product
First Time Dlink dir-619l Firmware
Dlink
Dlink dir-619l
CPE cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.06b1:*:*:*:*:*:*:*

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en D-Link DIR-619L B1 2.06. Se ha clasificado como crítica. Afecta a la función formSetPortTr del archivo /goform/formSetPortTr. La manipulación del argumento curTime provoca un desbordamiento del búfer. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.

13 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-13 16:15

Updated : 2024-10-16 15:32


NVD link : CVE-2024-9911

Mitre link : CVE-2024-9911

CVE.ORG link : CVE-2024-9911


JSON object : View

Products Affected

dlink

  • dir-619l_firmware
  • dir-619l
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')