What is the CVSS score of CVE-2025-6121?

CVE-2025-6121 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Dir 632 Firmware are affected by CVE-2025-6121?

A critical remote code execution vulnerability (CVE-2025-6121) affects D-Link DIR-632 routers running firmware 103B08, with a public exploit now available.

Is there a public PoC exploit available for CVE-2025-6121?

Yes, a public proof-of-concept exploit is available for CVE-2025-6121. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-6121?

Within 24 hours: Inventory all D-Link DIR-632 devices in your network and isolate any connected to production systems. Within 7 days: Develop a replacement strategy for affected devices and implement network segmentation to restrict router access. Within 30 days: Complete replacement of all vulnerable DIR-632 units with supported alternatives and validate network security posture.

Dir 632 Firmware CVE-2025-6121

EUVD-2025-18394 CRITICAL

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

RCE Buffer Overflow D-Link Dir 632 Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18394

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 17, 2025 - 19:37 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 12:15 nvd

CRITICAL 9.8

DescriptionNVD

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of D-Link DIR-632 routers running firmware FW103B08. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable function get_pure_content improperly validates the Content-Length HTTP header parameter before using it to allocate or write to stack-allocated buffers. When an attacker supplies a Content-Length value larger than the buffer size, the HTTP handler writes beyond buffer boundaries, corrupting the stack and enabling control flow hijacking. D-Link DIR-632 is a consumer-grade SOHO router (CPE would be cpe:2.3:h:d-link:dir-632:-:*:*:*:*:*:*:* with firmware cpe:2.3:o:d-link:dir-632_firmware:fw103b08:*:*:*:*:*:*:*). This class of vulnerability is typical in embedded device firmware where memory safety is not enforced and input validation is minimal.

RemediationAI

No patch is available from D-Link as the DIR-632 is end-of-life. Remediation options: (1) Immediate replacement: Retire DIR-632 units and replace with current-generation D-Link routers receiving active firmware support; (2) Network isolation: If replacement is not immediately possible, segment DIR-632 routers from critical network segments and restrict external access via firewall rules; (3) Disable remote management: Ensure WAN-side HTTP/HTTPS access to the router's web interface is disabled in firewall settings; (4) Access controls: Restrict access to the router's management interface to trusted internal networks only; (5) Monitoring: Deploy IDS/IPS signatures detecting abnormal Content-Length values in HTTP POST requests to routers. No firmware patches or vendor workarounds are available. Organizations should prioritize DIR-632 units for urgent replacement in their asset inventory.