CVE-2024-9566

Summary

CVE-2024-9566 is a critical vulnerability affecting the D-Link DIR-619L B1 version 2.06, specifically within the function formDeviceReboot of the file /goform/formDeviceReboot. This vulnerability allows for a buffer overflow through manipulation of the argument next_page, which can be exploited remotely with low privileges and no user interaction required. The potential impact includes high integrity and confidentiality risks, as well as complete availability loss, scoring 8.8 on the CVSS scale. Organizations using this affected product are advised to apply available patches or updates from D-Link to mitigate the risk posed by this vulnerability. The issue was publicly disclosed on October 7, 2024, raising concerns about its exploitation in real-world scenarios.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.