CVE-2025-5969

| EUVD-2025-17766 HIGH
2025-06-10 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17766
PoC Detected
Jul 16, 2025 - 19:32 vuln.today
Public exploit code
CVE Published
Jun 10, 2025 - 17:25 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link Remote Code Execution Dir 632 Firmware

Description

A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler in the /biurl_grou component. An authenticated attacker can remotely exploit this vulnerability to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the affected product is no longer maintained by D-Link, significantly increasing real-world risk.

Technical Context

The vulnerability exists in function FUN_00425fd8 within the HTTP POST request handler of the D-Link DIR-632 router. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow. The affected component /biurl_grou processes user-supplied input from HTTP POST requests without proper bounds checking, allowing an attacker to write beyond allocated stack memory. CPE identifier: cpe:2.3:o:dlink:dir-632_firmware:fw103b08:*:*:*:*:*:*:* and cpe:2.3:h:dlink:dir-632:*:*:*:*:*:*:*:*. The vulnerability affects the routing/network configuration protocols handled by this embedded device's web interface.

Affected Products

DIR-632 (['FW103B08'])

Remediation

Primary remediation: Discontinue use of DIR-632 FW103B08 and migrate to a supported router model with current security patches. Since D-Link no longer maintains this product, no official firmware patches are available. Interim mitigations for organizations unable to immediately replace hardware: (1) Restrict network access to the router's web interface using firewall rules - allow administrative access only from trusted IP addresses; (2) Change default credentials and implement strong authentication; (3) Disable remote management features if not required; (4) Implement network segmentation to isolate the router from critical systems; (5) Monitor for suspicious POST requests to /biurl_grou endpoint. These mitigations reduce but do not eliminate risk. No vendor advisory or patch is available due to end-of-life status.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-5969 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy