CVE-2024-9570

HIGH

D-Link DIR-619L B1 2.06 - Buffer Overflow via formEasySetTimezone curTime Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-9570. PoCs published by dylvie.

AI-analyzed exploit summary This PoC exploits a buffer overflow vulnerability in D-Link DIR-619L B1 2.06 via the 'curTime' parameter in the '/goform/formEasySetTimezone' endpoint. It sends a large payload to trigger the overflow, potentially leading to remote code execution.

Description

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 6 stars

by dylvie · poc

https://github.com/dylvie/CVE-2024-9570_D-Link-DIR-619L-bof

View Code ZIP pw:eip

This PoC exploits a buffer overflow vulnerability in D-Link DIR-619L B1 2.06 via the 'curTime' parameter in the '/goform/formEasySetTimezone' endpoint. It sends a large payload to trigger the overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR-619L B1 2.06

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.279464

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.279464

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.414548

Exploit, Third Party Advisory exploit

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetTimezone.md

Product product

https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.0295

EPSS Percentile 85.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

dlink/dir-619l_firmware 2.06b1

Published Oct 07, 2024

Tracked Since Feb 18, 2026