CVE-2024-9564

10/7/2024 1:15:00 AM
8 ماه قبل
8 ماه قبل
9
Reporter :cna@vuldb.com
Modified :10/7/2024 1:15:00 AM
Problem Data :CWE-120

Description

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Cvss Version 2.0

9 AV:N/AC:L/Au:S/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Cvss Version 3.1

8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Cvss Version 4.0

8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Vulnerability Complexity High
Vulnerability Impact High

EPSS

Epss Score 0.00063
Epss Percentile 0.29872

ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.

پیشنهادات:
  • به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
  • از بروزرسانی های آتی این آسیب پذیری مطلع شوید.

Affected Products (Configurations)

CPE Vendor Product Version Start Version End
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:* dlink dir-605l - *

Reference