CVE-2024-9786

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L versions B1 2.06

Description A critical issue has been found in the function formSetLog of the file /goform/formSetLog, which is related to a buffer overflow when handling the curTime parameter. This can be exploited remotely by sending a specially crafted POST request to the /goform/formSetLog API endpoint, potentially leading to a denial of service. The attack may be launched remotely.

Recommendations For D-Link DIR-619L version B1 2.06, consider disabling the formSetLog function until a patch is available to prevent exploitation. Restrict access to the /goform/formSetLog API endpoint to minimize the risk of exploitation. Avoid using the curTime parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.