CVE-2024-9565

10/7/2024 1:15:00 AM
7 ماه قبل
7 ماه قبل
9
Reporter :cna@vuldb.com
Modified :10/7/2024 1:15:00 AM
Problem Data :CWE-120

Description

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Cvss Version 2.0

9 AV:N/AC:L/Au:S/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Cvss Version 3.1

8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Cvss Version 4.0

8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Vulnerability Complexity High
Vulnerability Impact High

EPSS

Epss Score 0.00063
Epss Percentile 0.29872

ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.

پیشنهادات:
  • به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
  • از بروزرسانی های آتی این آسیب پذیری مطلع شوید.

Affected Products (Configurations)

CPE Vendor Product Version Start Version End
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:* dlink dir-605l_firmware 2.13b01 *
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:* dlink dir-605l - *
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:* dlink dir-605l - *

Reference