CVE-2024-9556

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 6, 2024

Updated: Oct 8, 2024

CWE ID 120

Summary

CVE-2024-9556 is a critical vulnerability affecting the D-Link DIR-605L 2.13B01 BETA, specifically in the formSetEnableWizard function of the /goform/formSetEnableWizard file. This vulnerability allows for a buffer overflow due to manipulation of the curTime argument, which can be exploited remotely with low complexity and no user interaction required. The exploit poses significant risks to organizations by potentially compromising confidentiality, integrity, and availability of their systems, as indicated by its high CVSS score of 8.8. To remediate this issue, affected users should update their D-Link devices with the latest firmware provided by D-Link. Given that the exploit has been disclosed publicly, immediate action is recommended to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database