CVE-2024-9570

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 7, 2024
Updated: Oct 9, 2024
CWE ID 120

Summary

CVE-2024-9570 is a critical vulnerability affecting the D-Link DIR-619L B1 version 2.06, specifically in the formEasySetTimezone function within the /goform/formEasySetTimezone file. The vulnerability arises from a buffer overflow caused by manipulating the curTime argument, allowing remote attackers to exploit this flaw with low complexity and no user interaction required. The potential risk includes high impacts on confidentiality, integrity, and availability, potentially compromising sensitive data and system functionality. Organizations are advised to remediate this vulnerability by applying any available security updates from D-Link or implementing network-level protections to prevent exploitation. With a base score of 8.8 on the CVSS scale, this vulnerability represents a significant threat that should be addressed promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share