CVE-2024-20099

CVE-2024-20099

Título es
CVE-2024-20099

Lun, 07/10/2024 – 03:15

Tipo
CWE-787

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-20099

Descripción en
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

07/10/2024
07/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20097

    CVE-2024-20097

    Título es
    CVE-2024-20097

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20097

    Descripción en
    In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-20098

    CVE-2024-20098

    Título es
    CVE-2024-20098

    Lun, 07/10/2024 – 03:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20098

    Descripción en
    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626.

    07/10/2024
    07/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/October-2024

    • Enviar en el boletín
    Off

    CVE-2024-9562

    CVE-2024-9562

    Título es
    CVE-2024-9562

    Dom, 06/10/2024 – 23:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9562

    Descripción en
    A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetWizard.md

  • https://vuldb.com/?ctiid_279370=

  • https://vuldb.com/?id_279370=

  • https://vuldb.com/?submit_413921=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9561

    CVE-2024-9561

    Título es
    CVE-2024-9561

    Dom, 06/10/2024 – 23:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9561

    Descripción en
    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetWAN_Wizard.md

  • https://vuldb.com/?ctiid_279369=

  • https://vuldb.com/?id_279369=

  • https://vuldb.com/?submit_413920=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9563

    CVE-2024-9563

    Título es
    CVE-2024-9563

    Lun, 07/10/2024 – 00:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9563

    Descripción en
    A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formWlanSetup_Wizard.md

  • https://vuldb.com/?ctiid_279371=

  • https://vuldb.com/?id_279371=

  • https://vuldb.com/?submit_413922=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9565

    CVE-2024-9565

    Título es
    CVE-2024-9565

    Lun, 07/10/2024 – 01:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9565

    Descripción en
    A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formSetPassword.md

  • https://vuldb.com/?ctiid_279373=

  • https://vuldb.com/?id_279373=

  • https://vuldb.com/?submit_413924=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9564

    CVE-2024-9564

    Título es
    CVE-2024-9564

    Lun, 07/10/2024 – 01:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9564

    Descripción en
    A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formWlanWizardSetup.md

  • https://vuldb.com/?ctiid_279372=

  • https://vuldb.com/?id_279372=

  • https://vuldb.com/?submit_413923=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9559

    CVE-2024-9559

    Título es
    CVE-2024-9559

    Dom, 06/10/2024 – 19:15

    Tipo
    CWE-120

    Gravedad v2.0
    9.00

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-9559

    Descripción en
    A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    06/10/2024
    06/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:C/I:C/A:C

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-605L/formWlanSetup.md

  • https://vuldb.com/?ctiid_279366=

  • https://vuldb.com/?id_279366=

  • https://vuldb.com/?submit_413919=

  • https://www.dlink.com/

    • Enviar en el boletín
    Off

    CVE-2024-9560

    CVE-2024-9560

    Título es
    CVE-2024-9560

    Dom, 06/10/2024 – 22:15

    Tipo
    CWE-89

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-9560

    Descripción en
    A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    07/10/2024
    07/10/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3

  • https://vuldb.com/?ctiid_279368=

  • https://vuldb.com/?id_279368=

  • https://vuldb.com/?submit_414475=

    • Enviar en el boletín
    Off