How to fix CVE-2025-5912?

Within 24 hours: Inventory all D-Link DIR-632 devices in production and isolate any running firmware 103B08 from untrusted networks. Within 7 days: Replace affected devices with supported alternatives from D-Link or other vendors, or implement network segmentation to restrict external access to these devices. Within 30 days: Complete migration of all DIR-632 devices out of production; document any remaining legacy devices and implement enhanced monitoring/logging on network segments containing them.

Is Dir 632 Firmware affected by CVE-2025-5912?

D-Link DIR-632 routers running firmware 103B08 contain a critical stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication.

CVE-2025-5912

EUVD-2025-17618 HIGH

2025-06-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17618

PoC Detected

Jun 16, 2025 - 16:52 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 04:15 nvd

HIGH 8.8

Description

A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST Request Handler's do_file function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.

Technical Context

The vulnerability exists in the HTTP POST request processing handler of D-Link DIR-632 network equipment, specifically in the do_file function responsible for processing file upload or file-related POST requests. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a classic stack-based buffer overflow. This occurs when unsanitized user input from HTTP POST parameters is copied into a fixed-size stack buffer without proper bounds checking, allowing an attacker to overwrite the stack frame including return addresses. The affected component is the HTTP daemon (likely uhttpd or similar embedded web server) running on D-Link DIR-632 routers, which are SOHO-class wireless networking devices. The CPE would be: cpe:2.3:o:d-link:dir-632_firmware:fw103b08:*:*:*:*:*:*:*

Affected Products

DIR-632 (['FW103B08'])

Remediation

Primary: Discontinue use and replace affected DIR-632 devices; rationale: Given end-of-life status and critical vulnerability, replacement with a current, vendor-supported device is the only reliable mitigation. D-Link will not provide patches.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +44

POC: +20

CVE-2025-5912 vulnerability details – vuln.today

Back

CVE-2025-5912

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-5912

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code