Key Information 1. Vulnerability Name: - D-LINK DIR-619L B1 2.06 FORMSETWIZARDSELECTMODE CURTIME BUFFER OVERFLOW 2. Vulnerability ID: - VDB-280242 - CVE-2024-9914 3. Affected Device: - D-LINK DIR-619L B1 2.06 4. Affected File: - /goform/formSetWizardSelectMode 5. Vulnerability Description: - Buffer Overflow: - Function: - Parameter: - Description: The function copies the contents of the input buffer to the output buffer without verifying whether the input buffer size is smaller than the output buffer size, leading to a buffer overflow when using unknown input. 6. Impact: - CWE-120: Improper Memory Access - Impact: Confidentiality, integrity, and availability are compromised. 7. CVSS Meta Temp Score: - 8.4 8. Current Exploit Price: - $0-$5k 9. CTI Interest Score: - 1.30 10. Vulnerability Disclosure: - GitHub: github.com - CVE ID: CVE-2024-9914 - Disclosure Date: October 13, 2024 - Exploit Difficulty: Easy - Remote Exploitation Possible: Yes - Technical Details and Public Exploits Available 11. Exploit Download: - GitHub: github.com 12. Recommendation: - Replace the affected device. Related Links VDB-279936 VDB-279937 VDB-279938 VDB-280236 Additional Information Copyright: 1997-2024 vuldb.com, CC BY-NC-SA Languages: Multilingual support (de, fr, it, es, pt, ru, pl, sv, zh, ja, ar) Version: v18.6.7