Multiple D-Link Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-9568 CVSS:8.8

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-9564 CVSS:8.8

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Impact

Buffer Overflow

Indicators of Compromise

CVE

CVE-2024-9568
CVE-2024-9564

Affected Vendors

D-Link

Affected Products

D-Link DIR-619L B1 - 2.06
D-Link DIR-605L - 2.13B01 BETA

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website

Mirai Botnet aka Katana – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Multiple D-Link Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan