CVE-2024-9556

CVE Database · CVE-2024-9556

CVE-2024-9556

· HIGHAnalyzed

CVSS v3.1

8.8

CVSS v4.0

8.7

EPSS

1.34%

Published

Oct 6, 2024

Modified

Oct 8, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120CWE-120

Affected Products (2)

dlink · dir-605l_firmwarevulnerable

dlink · dir-605l

References (5)

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetEnableWizard.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.279363

Permissions Required