CVE-2025-6369

EUVD-2025-18792, severity HIGH
Published 2025-06-20, reported by [email protected]
Score 8.8 (CVSS 3.1)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 00:19 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 00:19 (euvd), EUVD-2025-18792
PoC Detected: Jun 25, 2025 20:09 (vuln.today), public exploit code
CVE Published: Jun 20, 2025 22:15 (nvd), HIGH 8.8

Description

A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6369 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L v2.06B01 affecting the /goform/formdumpeasysetup endpoint. An authenticated remote attacker can exploit improper input validation of the curTime or config.save_network_enabled parameters to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor support available.

Technical Context

The vulnerability stems from CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The D-Link DIR-619L is a wireless router running proprietary firmware; the vulnerable function formdumpeasysetup handles form data submission for easy setup configuration. The affected endpoint /goform/formdumpeasysetup fails to properly validate the length of user-supplied input in the curTime and config.save_network_enabled parameters before copying them into fixed-size stack buffers. This allows an attacker to overflow the buffer and overwrite the stack, potentially enabling arbitrary code execution. The router's web interface processes these parameters without adequate bounds checking, a common vulnerability pattern in legacy embedded device firmware.

Affected Products

D-Link DIR-619L firmware version 2.06B01 and potentially earlier versions. The CPE for this product is likely CPE:2.3:h:d-link:dir-619l:2.06b01:*:*:*:*:*:*:*. This is a consumer-grade 802.11n wireless router from D-Link's mid-range product line. The vulnerability affects all DIR-619L units running v2.06B01 firmware. No firmware updates are available from D-Link as this product reached end-of-life several years ago; D-Link has discontinued support and security patches for this device model.

Remediation

Primary remediation options are severely limited due to end-of-life status:

(1) Patch: No security patch is available from D-Link; v2.06B01 is the final firmware release for this model.

(2) Upgrade: Organizations should migrate to a current, actively supported router model from D-Link or an alternative vendor that receives security updates.

(3) Workarounds/Mitigations:
  (a) Restrict network access to the management interface by disabling remote administration and limiting local access to trusted networks only via firewall rules;
  (b) Implement network segmentation to isolate the router from critical systems;
  (c) Change default credentials and enforce strong authentication if possible;
  (d) Monitor network traffic for exploitation attempts targeting /goform/formdumpeasysetup;
  (e) Deploy intrusion detection/prevention signatures to detect buffer overflow patterns.

(4) Compensating Controls: Place the device behind a WAF or proxy that validates input length; disable the easy setup functionality if the device web interface allows.

Given the critical nature and lack of patches, immediate decommissioning of affected devices is strongly recommended.
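Mitigations (3)(d) and (4) above both come down to the same check: a request to /goform/formdumpeasysetup whose curTime or config.save_network_enabled value is far longer than any legitimate timestamp or flag should be blocked or alerted on. The following is an added example of that check, not code from vuln.today or D-Link. The endpoint and parameter names come from the description; the 64-character threshold, the tab-separated request log format, the IP addresses and the sample records are all constructed assumptions for illustration, and a real deployment would tune the threshold to observed traffic.

```python
"""Flag requests to the vulnerable endpoint that carry oversized or
non-printable values in the two parameters named in CVE-2025-6369.

Added example (detection / WAF rule), not code from vuln.today or D-Link.
The threshold and log format below are assumptions, not values from the page.
"""
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/formdumpeasysetup"              # from the CVE description
WATCHED_PARAMS = ("curTime", "config.save_network_enabled")  # from the CVE description
MAX_PARAM_LEN = 64  # assumed: legitimate values are short timestamps or 0/1 flags


def check_request(method: str, target: str, body: str = "") -> list:
    """Return a list of findings for one HTTP request; empty means nothing suspicious.

    Parameters are collected from the query string and, for POST, from the
    form-encoded body, since the form handler may accept either.
    """
    url = urlsplit(target)
    if url.path != ENDPOINT:
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        for name, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    findings = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if len(value) > MAX_PARAM_LEN:
                findings.append(f"{name}: length {len(value)} exceeds {MAX_PARAM_LEN}")
            elif not value.isprintable():
                # percent-decoded control bytes never appear in a real timestamp/flag
                findings.append(f"{name}: contains non-printable characters")
    return findings


def scan_log(lines) -> list:
    """Run check_request over constructed 'ip<TAB>method<TAB>target[<TAB>body]' records.

    Returns a list of (source_ip, findings) for records that triggered a finding.
    """
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 3:
            continue  # malformed record; skip rather than crash the scanner
        src_ip, method, target = parts[:3]
        body = parts[3] if len(parts) > 3 else ""
        findings = check_request(method, target, body)
        if findings:
            alerts.append((src_ip, findings))
    return alerts


# Constructed sample records (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    "192.0.2.10\tPOST\t/goform/formdumpeasysetup\tcurTime=1718900000&config.save_network_enabled=1",
    "192.0.2.11\tPOST\t/goform/formLogin\tusername=admin",
    "198.51.100.7\tPOST\t/goform/formdumpeasysetup\tcurTime=" + "A" * 300,
    "198.51.100.8\tGET\t/goform/formdumpeasysetup?config.save_network_enabled=" + "B" * 200,
    "198.51.100.9\tPOST\t/goform/formdumpeasysetup\tcurTime=%00%01abc",
]

if __name__ == "__main__":
    for src_ip, findings in scan_log(SAMPLE_LOG):
        print(src_ip, "->", "; ".join(findings))
```

The first record is a normal easy-setup submission and passes; the login request is ignored because the path is not the vulnerable handler; the last three are flagged for an oversized curTime, an oversized config.save_network_enabled in the query string, and control bytes in curTime respectively. Only the length and character-class checks are signature-independent, which is why they are preferable to matching any particular public exploit payload.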

Priority Score: 64 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20


CVE-2025-6369 vulnerability details – vuln.today
