October 9, 2024
Severity
High
Analysis Summary
CVE-2024-9569 CVSS:8.8
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9563 CVSS:8.8
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9562 CVSS:8.8
A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9556 CVSS:8.8
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9555 CVSS:8.8
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9553 CVSS:8.8
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-9552 CVSS:8.8
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Impact
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2024-9569
- CVE-2024-9563
- CVE-2024-9562
- CVE-2024-9556
- CVE-2024-9555
- CVE-2024-9553
- CVE-2024-9552
Affected Vendors
- D-Link
Affected Products
- D-Link DIR-619L B1 - 2.06
- D-Link DIR-605L - 2.13B01 BETA
Remediation
Refer to the D-Link website for patch, upgrade, or suggested workaround information.
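The following Python detection check is an added example, not part of the original advisory and not D-Link code. It flags HTTP requests to the handlers listed above whose affected argument (curTime or webpage) is unusually long. The 64-byte threshold, the (method, URL, body) record format, and matching a handler by the last path segment of the URL are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Handler -> affected argument, as listed in the advisory above.
# Assumption: the handler name is the last path segment of the request URL
# (the advisory gives no file path for formSetWizard1/formSetWizard2).
WATCHED = {
    "formEasySetPassword": "curTime",    # CVE-2024-9569
    "formWlanSetup_Wizard": "webpage",   # CVE-2024-9563
    "formSetWizard1": "curTime",         # CVE-2024-9562
    "formSetWizard2": "curTime",         # CVE-2024-9562
    "formSetEnableWizard": "curTime",    # CVE-2024-9556
    "formSetEasy_Wizard": "curTime",     # CVE-2024-9555
    "formdumpeasysetup": "curTime",      # CVE-2024-9553
    "formSetWanNonLogin": "webpage",     # CVE-2024-9552
}
MAX_ARG_LEN = 64  # assumed threshold, not from the advisory; tune per site


def flag_request(method, url, body=""):
    """Return (handler, argument, length) if a watched argument is oversized, else None."""
    parts = urlsplit(url)
    handler = parts.path.rstrip("/").rsplit("/", 1)[-1]
    arg = WATCHED.get(handler)
    if arg is None:
        return None
    # The argument may arrive in the query string or in a form-encoded body.
    fields = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    # Measure after percent-decoding; repeated arguments are all checked.
    longest = max((len(v.encode()) for k, v in fields if k == arg), default=0)
    return (handler, arg, longest) if longest > MAX_ARG_LEN else None


# Constructed sample requests (method, URL, body); not taken from real traffic.
SAMPLES = [
    ("POST", "/goform/formSetEnableWizard", "curTime=1728460800&x=1"),
    ("POST", "/goform/formSetEnableWizard", "curTime=" + "0" * 300),
    ("POST", "/goform/formSetWanNonLogin", "webpage=" + "%41" * 200),
    ("GET", "/goform/formOther?curTime=" + "0" * 300, ""),  # hypothetical unlisted handler
]


def scan(samples=SAMPLES):
    return [hit for s in samples if (hit := flag_request(*s))]


if __name__ == "__main__":
    for hit in scan():
        print("oversized %s.%s: %d bytes" % hit)
```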