VDB-279241 · CVE-2024-9535 · GCVE-100-279241

D-Link DIR-605L 2.13B01 BETA formEasySetupWWConfig curTime ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu D-Link DIR-605L 2.13B01 BETA keessatti argameera. Miidhaan irra gahe is hojii formEasySetupWWConfig faayilii /goform/formEasySetupWWConfig keessa. Dhugumatti jijjiirraa irratti raawwatame curTime gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-120 si geessa. Beekumsi kun yeroo 10/04/2024 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-9535 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $25k-$100k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 86 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/04/2024 07:32 PM	ଅଦ୍ୟତନ 1/3 10/05/2024 04:23 PM	ଅଦ୍ୟତନ 2/3 10/08/2024 11:17 AM	ଅଦ୍ୟତନ 3/3 10/10/2024 06:56 AM
software_vendor	D-Link	D-Link	D-Link	D-Link
software_name	DIR-605L	DIR-605L	DIR-605L	DIR-605L
software_version	2.13B01 BETA	2.13B01 BETA	2.13B01 BETA	2.13B01 BETA
software_file	/goform/formEasySetupWWConfig	/goform/formEasySetupWWConfig	/goform/formEasySetupWWConfig	/goform/formEasySetupWWConfig
software_function	formEasySetupWWConfig	formEasySetupWWConfig	formEasySetupWWConfig	formEasySetupWWConfig
software_argument	curTime	curTime	curTime	curTime
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formEasySetupWWConfig.md
source_cve	CVE-2024-9535	CVE-2024-9535	CVE-2024-9535	CVE-2024-9535
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.4	8.4	8.5
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1727992800 (10/04/2024)	1727992800 (10/04/2024)	1727992800 (10/04/2024)	1727992800 (10/04/2024)
price_0day	$25k-$100k	$25k-$100k	$25k-$100k	$25k-$100k
cve_nvd_summary		A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		H	H	H
cvss3_cna_i		H	H	H
cvss3_cna_a		H	H	H
cvss3_cna_basescore		8.8	8.8	8.8
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		C	C	C
cvss2_cna_ii		C	C	C
cvss2_cna_ai		C	C	C
cvss2_cna_basescore		9	9	9
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en D-Link DIR-605L 2.13B01 BETA. Se ha declarado como crítica. Esta vulnerabilidad afecta a la función formEasySetupWWConfig del archivo /goform/formEasySetupWWConfig. La manipulación del argumento curTime provoca un desbordamiento del búfer. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha encontrado una vulnerabilidad en D-Link DIR-605L 2.13B01 BETA. Se ha declarado como crítica. Esta vulnerabilidad afecta a la función formEasySetupWWConfig del archivo /goform/formEasySetupWWConfig. La manipulación del argumento curTime provoca un desbordamiento del búfer. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!