D-Link DIR-619L B1 2.06 /goform/formSetPassword curTime Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin kura an gano a D-Link DIR-619L B1 2.06. Tabbas, aikin formSetPassword ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /goform/formSetPassword, a cikin sashi $software_component. Wuro manipulation of the argument curTime ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-120. Lalle, rauni an sanar da shi 10/12/2024. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-9910. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $25k-$100k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 Goyarwa · 87 Datenpunkte

FurɗeSúgá
10/12/2024 18:07		Gargadi 1/1
10/13/2024 18:19
software_vendorD-LinkD-Link
software_nameDIR-619L B1DIR-619L B1
software_version2.062.06
software_file/goform/formSetPassword/goform/formSetPassword
software_functionformSetPasswordformSetPassword
software_argumentcurTimecurTime
vulnerability_cweCWE-120 (Pufferüberlauf)CWE-120 (Pufferüberlauf)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPassword.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPassword.md
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPassword.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPassword.md
source_cveCVE-2024-9910CVE-2024-9910
cna_responsibleVulDBVulDB
software_typeRouter Operating SystemRouter Operating System
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcHH
cvss4_vuldb_viHH
cvss4_vuldb_vaHH
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore7.77.7
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.08.0
cvss3_meta_basescore8.88.8
cvss3_meta_tempscore8.08.4
cvss4_vuldb_bscore8.78.7
cvss4_vuldb_btscore7.47.4
advisory_date1728684000 (10/12/2024)1728684000 (10/12/2024)
price_0day$25k-$100k$25k-$100k
cve_nvd_summaryA vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore8.7
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore8.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore9

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!