CVE-2024-9570

HIGH

Dlink Dir-619l Firmware - Buffer Overflow

Title source: rule

Description

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 6 stars

by dylvie · poc

https://github.com/dylvie/CVE-2024-9570_D-Link-DIR-619L-bof

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://vuldb.com/?id.279464

[Permissions Required] https://vuldb.com/?ctiid.279464

[Third Party Advisory] https://vuldb.com/?submit.414548

[Exploit, Third Party Advisory] https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetTimezone.md

[Product] https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.2418

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

dlink/dir-619l_firmware 2.06b1

Published Oct 07, 2024

Tracked Since Feb 18, 2026