Zjy148909

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.04B04 **Description** A critical issue was found in the function `formSetEasy Wizard`, where the manipulation of the argument `curTime` leads to a buffer overflow. This issue can be exploited remotely. The vendor was notified about this issue, and it only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-619L version 2.04B04, as a temporary workaround, consider disabling the `formSetEasy Wizard` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the argument `curTime` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.04B04 **Description** A critical vulnerability has been found in the function `formSetWAN Wizard52`. The manipulation of the argument `curTime` leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the `formSetWAN Wizard52` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.04B04 **Description** A critical vulnerability was found in the D-Link DIR-619L, affecting the function `formSetWizard2`. The manipulation of the argument `curTime` leads to a buffer overflow, allowing for remote attacks. The vendor was contacted about this disclosure, and it only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the `formSetWizard2` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the argument `curTime` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.04B04 **Description** A critical issue affects the `formSysCmd` function, where manipulation of the `sysCmd` argument leads to command injection. This can be initiated remotely. The vendor was contacted about this disclosure. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-619L version 2.04B04, as a temporary workaround, consider disabling the `formSysCmd` function until a patch is available. Restrict access to the `sysCmd` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-619L version 2.04B04 **Description** A critical issue affects the `wake on lan` function, where manipulation of the `mac` argument leads to command injection. This can be initiated remotely. The vendor was contacted about this disclosure. It only affects products that are no longer supported by the maintainer. **Recommendations** For D-Link DIR-619L version 2.04B04, as a temporary workaround, consider disabling the `wake on lan` function until a patch is available. Restrict access to the `mac` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.