Exploit
CVE-2024-9570

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

Published: Oct 7, 2024 / Updated: 43d ago

CVSS 8.7 / EPSS 0.05% / High

Summary

A critical vulnerability has been identified in the D-Link DIR-619L B1 router, version 2.06. The vulnerability affects the formEasySetTimezone function in the /goform/formEasySetTimezone file. This issue allows for a buffer overflow attack through the manipulation of the curTime argument. The vulnerability can be exploited remotely, and public disclosure of the exploit has occurred.

Impact

This vulnerability has severe potential impacts:

1. Remote Code Execution: Attackers could exploit this buffer overflow to execute arbitrary code on the affected device, potentially gaining full control over the router.
2. Network Compromise: As routers are critical network infrastructure devices, a compromised router could lead to the interception, modification, or redirection of network traffic.
3. Data Theft: With high impacts on confidentiality, integrity, and availability, attackers could potentially access, modify, or destroy sensitive data passing through the router.
4. Pivot Point: A compromised router could serve as a launching point for further attacks on the internal network.
5. Denial of Service: The high availability impact suggests that attackers could potentially crash the router, disrupting network services.

The vulnerability has a CVSS v3.1 base score of 8.8 (High severity) and a CVSS v4.0 base score of 8.7 (High severity), indicating a critical level of risk.

Exploitation

One proof-of-concept exploit is available on github.com. There is currently no evidence of exploitation.

Patch

The available information does not mention a patch. Given the critical nature of the vulnerability and its public disclosure, it is crucial to check frequently for updates from D-Link and apply any security patches as soon as they become available.

Mitigation

While awaiting a patch, consider the following mitigation strategies:

1. Firmware Update: Check for and apply any available firmware updates for the D-Link DIR-619L B1 router.
2. Network Segmentation: Isolate affected routers in a separate network segment to limit potential damage.
3. Access Control: Implement strict access controls to limit who can interact with the router's administration interface.
4. Firewall Rules: Configure firewall rules to restrict unnecessary incoming connections to the router.
5. Monitoring: Implement enhanced monitoring for any suspicious activities or unauthorized access attempts on these devices.
6. Replace or Upgrade: If possible, consider replacing the affected routers with newer models that are not vulnerable to this specific exploit.
7. Disable Remote Management: If not strictly necessary, disable remote management features to reduce the attack surface.
8. Regular Security Assessments: Conduct frequent security scans and assessments to identify any signs of compromise or exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article
Feedly found the first article mentioning CVE-2024-9570.
Oct 7, 2024 at 3:42 PM / CVE

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 7, 2024 at 3:42 PM

CVE Assignment
NVD published the first details for CVE-2024-9570
Oct 7, 2024 at 4:15 PM

CVSS
A CVSS base score of 8.8 has been assigned.
Oct 7, 2024 at 4:21 PM / nvd

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.4%)
Oct 8, 2024 at 9:58 AM

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Oct 9, 2024 at 1:11 PM

Threat Intelligence Report
CVE-2024-9570 is a critical buffer overflow vulnerability in the D-Link DIR-619L B1 router's firmware version 2.06, specifically within the 'formEasySetTimezone' function, which allows remote attackers to execute arbitrary code by manipulating the 'curTime' argument. The summary does not provide information on a CVSS score, exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts to other vendors. Further investigation is needed to assess the broader implications and available defenses against this vulnerability.
Nov 1, 2024 at 11:21 AM

Affected Systems

Dlink/dir-619l_firmware

Exploits

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetTimezone.md

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million
Cyble researchers also observed threat actors on a cybercrime forum discussing exploits of CVE-2024-23113, a critical vulnerability in multiple versions of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager that allows remote, unauthenticated attackers to execute arbitrary code through specially crafted requests. This week’s IT vulnerability report affects an unusually high number of exposed devices and instances: Vulnerabilities in Fortinet, SonicWall, and Grafana Labs can be found in more than 1 million web-facing assets, and a pair of 10.0-severity vulnerabilities in CyberPanel have already been mass-exploited in ransomware attacks.

News

Vulnerability Summary for the Week of October 7, 2024
High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info

- adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47410 psirt@adobe.com
- adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47411 psirt@adobe.com
- adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47412 psirt@adobe.com
- adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47413 psirt@adobe.com
- adobe — animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
US-CERT Vulnerability Summary for the Week of October 7, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links.
Exploit for Classic Buffer Overflow in Dlink Dir-619L Firmware exploit

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
