CVE-2024-9912

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L version 2.06

Description A critical issue exists in the formSetQoS function of the /goform/formSetQoS endpoint, related to a buffer overflow due to the lack of input size validation. This can be exploited by sending a specially crafted POST request with the curTime parameter, allowing a remote attacker to cause a denial of service. The attack can be initiated remotely.

Recommendations For D-Link DIR-619L version 2.06, as a temporary workaround, consider disabling the formSetQoS function in the /goform/formSetQoS endpoint until a patch is available. Restrict access to the /goform/formSetQoS endpoint to minimize the risk of exploitation. Avoid using the curTime parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.