How to fix CVE-2025-6370?

Within 24 hours: Identify and inventory all DIR-619L 2.06B01 devices in production and document their network role and exposure level. Within 7 days: Isolate affected devices from internet access, disable the /goform/formWlanGuestSetup functionality if possible, and implement network segmentation to limit lateral movement. Within 30 days: Develop a replacement plan for end-of-life equipment and decommission or replace DIR-619L units with supported alternatives, prioritizing internet-facing and critical infrastructure devices.

Is Dir 619l Firmware affected by CVE-2025-6370?

A critical stack-based buffer overflow vulnerability (CVE-2025-6370) affects D-Link DIR-619L routers that are no longer supported by the vendor, with public exploits now available.

CVE-2025-6370

EUVD-2025-18791 HIGH

2025-06-20 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18791

PoC Detected

Jun 25, 2025 - 20:09 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 22:15 nvd

HIGH 8.8

Description

A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Technical Context

CWE-119 (Buffer Overflow). CVSS 8.8 indicates high severity. Affects A vulnerability classified as critical.

Affected Products

['A vulnerability classified as critical']

Remediation

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-6370 vulnerability details – vuln.today

Back

CVE-2025-6370

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-6370

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code