What is the CVSS score of CVE-2025-6370?

CVE-2025-6370 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Dir 619l Firmware are affected by CVE-2025-6370?

A critical stack-based buffer overflow vulnerability (CVE-2025-6370) affects D-Link DIR-619L routers that are no longer supported by the vendor, with public exploits now available.

Is there a public PoC exploit available for CVE-2025-6370?

Yes, a public proof-of-concept exploit is available for CVE-2025-6370. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-6370?

Within 24 hours: Identify and inventory all DIR-619L 2.06B01 devices in production and document their network role and exposure level. Within 7 days: Isolate affected devices from internet access, disable the /goform/formWlanGuestSetup functionality if possible, and implement network segmentation to limit lateral movement. Within 30 days: Develop a replacement plan for end-of-life equipment and decommission or replace DIR-619L units with supported alternatives, prioritizing internet-facing and critical infrastructure devices.

Dir 619l Firmware CVE-2025-6370

EUVD-2025-18791 HIGH

Buffer Overflow (CWE-119)

2025-06-20 cna@vuldb.com

Buffer Overflow D-Link RCE Dir 619l Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18791

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

PoC Detected

Jun 25, 2025 - 20:09 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 22:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Technical ContextAI

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity. Affects A vulnerability classified as critical.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

CVE-2025-6370 vulnerability details – vuln.today

Back

Dir 619l Firmware CVE-2025-6370

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code