Details of VAR-202410-0337

ID

VAR-202410-0337

CVE

CVE-2024-9908

TITLE

D-Link Systems, Inc. of DIR-619L Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-010460

DESCRIPTION

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-619L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The DIR-619L B1 is a home network router that provides high-speed Wi-Fi connectivity, is easy to set up, and has multiple ports. An attacker can exploit this vulnerability to modify the state of the program, such as overwriting the return instruction pointer to execute malicious code

Trust: 2.16

sources: NVD: CVE-2024-9908 // JVNDB: JVNDB-2024-010460 // CNVD: CNVD-2024-41043

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-41043

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-619l	scope:	eq	version:	2.06b1	Trust: 1.0
vendor:	d link	model:	dir-619l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	dir-619l firmware 2.06b1	Trust: 0.8
vendor:	d link	model:	dir-619l 2.06b1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-41043 // JVNDB: JVNDB-2024-010460 // NVD: CVE-2024-9908

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-9908
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-9908
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-010460
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-41043
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-9908
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-010460
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2024-41043
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-9908
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.1
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-9908
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-010460
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-41043 // JVNDB: JVNDB-2024-010460 // NVD: CVE-2024-9908 // NVD: CVE-2024-9908

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010460 // NVD: CVE-2024-9908

EXTERNAL IDS

db:	NVD	id:	CVE-2024-9908	Trust: 3.2
db:	VULDB	id:	280236	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-010460	Trust: 0.8
db:	CNVD	id:	CNVD-2024-41043	Trust: 0.6

sources: CNVD: CNVD-2024-41043 // JVNDB: JVNDB-2024-010460 // NVD: CVE-2024-9908

REFERENCES

url:	https://www.dlink.com/	Trust: 2.4
url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/d-link/dir-619l/formsetmacfilter.md	Trust: 1.8
url:	https://vuldb.com/?id.280236	Trust: 1.8
url:	https://vuldb.com/?submit.418739	Trust: 1.8
url:	https://vuldb.com/?ctiid.280236	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-9908	Trust: 0.8

sources: CNVD: CNVD-2024-41043 // JVNDB: JVNDB-2024-010460 // NVD: CVE-2024-9908

SOURCES

db:	CNVD	id:	CNVD-2024-41043
db:	JVNDB	id:	JVNDB-2024-010460
db:	NVD	id:	CVE-2024-9908

LAST UPDATE DATE

2024-10-24T22:37:18.928000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-41043	date:	2024-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2024-010460	date:	2024-10-17T02:15:00
db:	NVD	id:	CVE-2024-9908	date:	2024-10-16T15:31:26.373

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-41043	date:	2024-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2024-010460	date:	2024-10-17T00:00:00
db:	NVD	id:	CVE-2024-9908	date:	2024-10-13T12:15:10.087