Rewterz

Multiple Adobe Products Zero-Day Vulnerabilities

October 9, 2024
Rewterz

DarkCrystal RAT aka DCRat – Active IOCs

October 10, 2024

Multiple D-Link DIR-605L Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-9515 CVSS:8.8

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-9514 CVSS:8.8

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-9551 CVSS:8.8

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. Affected by this vulnerability is the function formSetWanL2TP of the file /goform/formSetWanL2TP. The manipulation of the argument webpage leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Impact

  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2024-9515
  • CVE-2024-9514
  • CVE-2024-9551

Affected Vendors

D-Link

Affected Products

  • D-Link DIR-605L - 2.13B01 BETA

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

CVE-2024-9515

CVE-2024-9514

CVE-2024-9551

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.