CVE-2024-9535

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA

Description: A critical issue has been identified in the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime can lead to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. The vulnerability is related to the copying of a buffer without checking the size of the input data, which may allow an attacker to execute arbitrary code using the curTime parameter.

Recommendations: As a temporary workaround, consider disabling the formEasySetupWWConfig function until a patch is available. Restrict access to the /goform/formEasySetupWWConfig endpoint to minimize the risk of exploitation. Avoid using the curTime argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.