CVE-2024-9909

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L versions B1 2.06

Description The issue is related to a buffer overflow vulnerability in the formSetMuti function of the D-Link DIR-619L router's microprogram. This vulnerability can be exploited by sending a specially crafted POST request with the curTime parameter to the /goform/formSetMuti API endpoint, potentially allowing a remote attacker to cause a denial of service. The attack can be launched remotely by manipulating the curTime argument, leading to a buffer overflow.

Recommendations For D-Link DIR-619L version B1 2.06, as a temporary workaround, consider disabling the formSetMuti function until a patch is available. Restrict access to the /goform/formSetMuti API endpoint to minimize the risk of exploitation. Avoid using the curTime parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.