
CVE-2024-9514 – D-Link DIR-605L formSetDomainFilter buffer overflow
https://notcve.org/view.php?id=CVE-2024-9514
04 Oct 2024 — A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to a buffer overflow. The attack can be initiated remotely. • https://github.com/noahze01/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetDomainFilter.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-20056
https://notcve.org/view.php?id=CVE-2018-20056
11 Dec 2018 — An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20stack%20overflow.md • CWE-787: Out-of-bounds Write

CVE-2018-20057
https://notcve.org/view.php?id=CVE-2018-20057
11 Dec 2018 — An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. • https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-619%20command%20execution.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')