CVE-2024-9566

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L B1 version 2.06

Description A critical vulnerability was found in the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next page leads to a buffer overflow, allowing a remote attacker to execute arbitrary code. The exploit has been disclosed to the public and may be used. This issue can be initiated remotely.

Recommendations For D-Link DIR-619L B1 version 2.06, as a temporary workaround, consider disabling the formDeviceReboot function until a patch is available. Restrict access to the /goform/formDeviceReboot endpoint to minimize the risk of exploitation. Avoid using the parameter next page in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.