CVE-2024-9910

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 13, 2024
Updated: Oct 15, 2024
CWE ID 120

Summary

CVE-2024-9910 is a critical vulnerability affecting the D-Link DIR-619L B1 version 2.06, specifically the formSetPassword function in the /goform/formSetPassword file. Manipulating the curTime argument causes a buffer overflow. The flaw can be exploited remotely with low complexity and requires no user interaction. It poses significant risk to organizations because it can have a high impact on the confidentiality, integrity, and availability of affected systems. To remediate the issue, users are advised to update their router firmware to the latest version provided by D-Link. The vulnerability has been publicly disclosed, which increases the urgency of addressing it promptly to mitigate potential attacks.
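As an added example (not from this advisory or from D-Link), the following check flags logged requests to /goform/formSetPassword whose curTime value is oversized or malformed. The 32-byte bound, the assumption that curTime normally holds a short numeric timestamp, and the sample requests are illustrative and not taken from the page.

```python
from urllib.parse import parse_qsl

ENDPOINT = "/goform/formSetPassword"   # endpoint named in the advisory
PARAM = "curTime"                      # argument named in the advisory
# Assumption (not from the advisory): a legitimate curTime is a short
# numeric timestamp, so 32 bytes is a generous upper bound.
MAX_CURTIME_LEN = 32


def check_request(path, body):
    """Return a list of findings for one logged HTTP request (path + form body)."""
    base, _, query = path.partition("?")
    if base != ENDPOINT:
        return []
    findings = []
    # The parameter can arrive in the query string or the form body: check both.
    for source, raw in (("query", query), ("body", body)):
        # latin-1 maps each decoded byte to one character, so len() counts bytes.
        pairs = parse_qsl(raw, keep_blank_values=True, encoding="latin-1")
        for name, value in pairs:
            if name != PARAM:
                continue
            if len(value) > MAX_CURTIME_LEN:
                findings.append(
                    f"{source}: {PARAM} length {len(value)} exceeds {MAX_CURTIME_LEN}"
                )
            elif not value.isdigit():
                findings.append(f"{source}: {PARAM} is not numeric")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    ("/goform/formSetPassword", "settingsChanged=1&curTime=1728800000123"),
    ("/goform/formSetPassword", "curTime=" + "7" * 600),
    ("/goform/formSetPassword?curTime=abc", ""),
    ("/goform/formSetLog", "curTime=" + "7" * 600),
]

if __name__ == "__main__":
    for path, body in SAMPLE_REQUESTS:
        for finding in check_request(path, body):
            print(f"ALERT {path.partition('?')[0]} {finding}")
```

The same length bound can be enforced at a reverse proxy or WAF in front of the management interface until the device is updated.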
