CVE-2024-9562

10/6/2024 11:15:00 PM
7 ماه قبل
7 ماه قبل
9
Reporter :cna@vuldb.com
Modified :10/6/2024 11:15:00 PM
Problem Data :CWE-120

Description

A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Cvss Version 2.0

9 AV:N/AC:L/Au:S/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Cvss Version 3.1

8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Cvss Version 4.0

8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Vulnerability Complexity High
Vulnerability Impact High

EPSS

Epss Score 0.00063
Epss Percentile 0.29872

ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.

پیشنهادات:
  • به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
  • از بروزرسانی های آتی این آسیب پذیری مطلع شوید.

Affected Products (Configurations)

CPE Vendor Product Version Start Version End
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:* dlink dir-605l - *

Reference