CVE-2024-9784

8.8 HIGH

📋 TL;DR

A critical buffer overflow vulnerability in D-Link DIR-619L B1 router's formResetStatistic function allows remote attackers to execute arbitrary code or crash the device. This affects all users of the vulnerable firmware version. Attackers can exploit this without authentication to potentially take full control of the router.

💻 Affected Systems

Products:
  • D-Link DIR-619L B1
Versions: 2.06
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only the B1 hardware revision with firmware version 2.06 is confirmed affected. Other versions may be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠 Likely Case: Router crash/reboot causing denial of service, or limited code execution for network reconnaissance.

🟢 If Mitigated: Attack blocked at network perimeter with no internal access to vulnerable devices.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and routers are typically internet-facing.
🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists in a GitHub repository. The vulnerability requires no authentication, and exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/

Restart Required: Yes

Instructions:

1. Check the D-Link website for firmware updates.
2. If an update is available, download it from the official site.
3. Log into the router admin interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Wait for the router to reboot.

🔧 Temporary Workarounds

  • Disable remote administration: Prevent external access to the router administration interface
  • Network segmentation: Isolate the router management interface to a trusted network segment only

🧯 If You Can't Patch

  • Replace affected router with supported model
  • Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface. If the version is 2.06 on DIR-619L B1 hardware, the device is vulnerable.

Check Version:

Log into router web interface and check System Status or Firmware section

Verify Fix Applied:

Verify firmware version has changed from 2.06 to a newer version after update.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/formResetStatistic
  • Router crash/reboot logs
  • Unusual outbound connections from router

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 with formResetStatistic in URL
  • Unusual traffic patterns from router

SIEM Query:

source="router_logs" AND (url="/goform/formResetStatistic" OR message="crash" OR message="reboot")
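
The log indicators above can also be checked offline. The following is an added example, not part of the original advisory or any vendor tooling: it scans access-log lines for POST requests to /goform/formResetStatistic and flags sources that are outside a trusted management network or that send repeated requests. The Common Log Format input, the trusted subnet, the threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: requests to the router are recorded by an upstream proxy or
# sensor in Common Log Format. These lines are constructed sample data.
SAMPLE_LOG = """\
192.168.0.10 - - [10/Oct/2024:09:00:01 +0000] "GET /index.asp HTTP/1.1" 200 5120
192.168.0.10 - - [10/Oct/2024:09:00:05 +0000] "POST /goform/formResetStatistic HTTP/1.1" 200 312
203.0.113.7 - - [10/Oct/2024:09:14:30 +0000] "POST /goform/formResetStatistic HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2024:09:14:31 +0000] "POST /goform/formResetStatistic HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2024:09:14:33 +0000] "POST /GoForm/formResetStatistic?x=1 HTTP/1.1" 200 0
198.51.100.4 - - [10/Oct/2024:09:20:00 +0000] "GET /goform/formResetStatistic HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
TARGET = "/goform/formresetstatistic"  # compared case-insensitively
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumed management LAN
BURST_THRESHOLD = 3  # assumed cut-off for "multiple POST requests"

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage in the source field: untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(log_text):
    """Return {source: [reasons]} for POSTs to the formResetStatistic handler."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, method, url, _status = m.groups()
        path = url.split("?", 1)[0].lower()  # drop query string, fold case
        if method.upper() == "POST" and path == TARGET:
            hits[src] += 1
    findings = {}
    for src, count in hits.items():
        reasons = []
        if not is_trusted(src):
            reasons.append("untrusted-source")
        if count >= BURST_THRESHOLD:
            reasons.append(f"burst:{count}")
        if reasons:
            findings[src] = reasons
    return findings
```

A single POST from the trusted subnet is not flagged, since the page lists multiple requests as the indicator; lower `BURST_THRESHOLD` to 1 to alert on every request.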
