Exploit
CVE-2024-9908

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

Published: Oct 13, 2024 / Updated: 37d ago

010
CVSS 5.1EPSS 0.05%Medium
CVE info copied to clipboard

Summary

A critical vulnerability has been discovered in the D-Link DIR-619L B1 router firmware version 2.06. The vulnerability affects the formSetMACFilter function in the /goform/formSetMACFilter file. By manipulating the curTime argument, an attacker can cause a buffer overflow.

Impact

This buffer overflow vulnerability can lead to severe consequences, including: 1. Remote code execution: An attacker may be able to execute arbitrary code on the affected device. 2. Privilege escalation: The attacker could potentially gain elevated privileges on the system. 3. Device compromise: Full control over the router may be achieved, allowing the attacker to intercept, modify, or redirect network traffic. 4. Network infiltration: A compromised router could serve as an entry point for further attacks on the internal network.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of proof of exploitation at the moment.

Patch

As of the current information, no official patch has been released by D-Link for this vulnerability. It is crucial to monitor D-Link's official channels for any firmware updates addressing this issue.

Mitigation

Until a patch is available, consider the following mitigation strategies: 1. Limit network exposure: Place affected devices behind firewalls and isolate them from the internet where possible. 2. Implement strong access controls: Ensure that only authorized users have access to the device's administration interface. 3. Monitor for suspicious activity: Implement network monitoring to detect potential exploitation attempts. 4. Consider alternative firmware: If available and feasible, consider using alternative firmware solutions that may not be affected by this vulnerability. 5. Disable remote administration: If not strictly necessary, disable remote administration features to reduce the attack surface. 6. Regular security assessments: Conduct frequent security scans and assessments to identify any signs of compromise or unusual activity.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9908. See article

Oct 13, 2024 at 12:12 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 13, 2024 at 12:13 PM
CVE Assignment

NVD published the first details for CVE-2024-9908

Oct 13, 2024 at 12:15 PM
CVSS

A CVSS base score of 5.5 has been assigned.

Oct 13, 2024 at 12:20 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.4%)

Oct 14, 2024 at 9:43 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 16, 2024 at 3:35 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Oct 16, 2024 at 5:11 PM
Static CVE Timeline Graph

Affected Systems

Dlink/dir-619l_firmware
+null more

Exploits

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMACFilter.md
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

CVE-2024-9908 Exploit
CVE Id : CVE-2024-9908 Published Date: 2024-10-16T15:31:00+00:00 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. inTheWild added a link to an exploit: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMACFilter.md
US-CERT Vulnerability Summary for the Week of October 7, 2024
ABB–RobotWare 6 An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 2024-10-10 5.1 CVE-2024-6157 [email protected] adamskaat–Read more By Adam The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. 2024-10-12 4.3 CVE-2024-9187 [email protected] [email protected] adobe — animate Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-47419 [email protected] adobe — animate Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.
CVE Alert: CVE-2024-9908 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9908/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9908
CVE Alert: CVE-2024-9908 - redpacketsecurity.com/cve_al… #OSINT #ThreatIntel #CyberSecurity #cve_2024_9908
CVE Alert: CVE-2024-9908 - https://www. redpacketsecurity.com/cve_aler t_cve-2024-9908/ # OSINT # ThreatIntel # CyberSecurity # cve_2024_9908
CVE Alert: CVE-2024-9908
Everyone that supports the site helps enable new functionality. Affected Endpoints:
See 11 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI