CVE-2024-9914

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L version 2.06

Description A critical issue has been found in the function formSetWizardSelectMode of the file "/goform/formSetWizardSelectMode". The manipulation of the argument curTime leads to a buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For D-Link DIR-619L version 2.06, as a temporary workaround, consider disabling the formSetWizardSelectMode function until a patch is available. Restrict access to the "/goform/formSetWizardSelectMode" endpoint to minimize the risk of exploitation. Avoid using the parameter curTime in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.