CVE-2025-6371

EUVD-2025-18794 | Severity: HIGH
Published: 2025-06-20
CVSS 3.1 base score: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 00:19 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 00:19 (euvd), EUVD-2025-18794
PoC Detected: Jun 25, 2025 20:09 (vuln.today), public exploit code
CVE Published: Jun 20, 2025 23:15 (nvd), HIGH 8.8

Description

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6371 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formSetEnableWizard function. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation has been publicly disclosed with proof-of-concept available, and this vulnerability only affects end-of-life products no longer receiving vendor support.

Technical Context

The vulnerability exists in the web management interface of D-Link DIR-619L routers at the endpoint /goform/formSetEnableWizard. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The formSetEnableWizard function fails to validate or bounds-check the length of the 'curTime' parameter before copying it into a fixed-size stack buffer, so an over-long value overwrites adjacent stack memory, including local variables and the saved return address. This is a classic memory safety issue common in embedded device firmware written in C/C++ and built without modern mitigations. The affected product is the D-Link DIR-619L wireless router (CPE: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*), a residential-grade SOHO router typically deployed in home and small business networks.

Affected Products

DIR-619L, firmware 2.06B01

Remediation

Patch: No security patches will be released by D-Link for this end-of-life product.

Workarounds and mitigations:
(1) Immediately retire DIR-619L devices and replace them with supported alternatives from D-Link or other vendors.
(2) If temporary operation is required, restrict network access to the management interface via firewall rules: disable remote management and limit local management access to trusted networks only.
(3) Implement network segmentation to isolate affected routers from sensitive systems.
(4) Monitor for signs of exploitation (unauthorized configuration changes, unexpected traffic patterns).
(5) Consider alternative firmware (OpenWrt, DD-WRT) if it supports the DIR-619L hardware, though users assume responsibility for security testing.
(6) Prioritize budget allocation for equipment refresh cycles to eliminate end-of-life devices from production networks.
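As an added example supporting mitigation (4), and not code from vuln.today or D-Link, the following Python script flags requests to the vulnerable endpoint whose 'curTime' value is implausibly long or contains non-printable bytes. It assumes a proxy or IDS that exports one JSON object per request with the submitted form parameters; the record format, the MAX_LEN threshold and the sample log lines are all constructed for illustration.

```python
import json
from typing import Iterable, Optional

# Endpoint and parameter named in the advisory. MAX_LEN is an assumed
# threshold: a legitimate curTime is a short timestamp string, so a value
# far longer than that suggests an overflow attempt. Tune it to the lengths
# your own devices actually send before alerting on it.
VULN_PATH = "/goform/formSetEnableWizard"
VULN_PARAM = "curTime"
MAX_LEN = 32


def inspect(event: dict) -> Optional[dict]:
    """Return a finding for one parsed request record, or None if it looks benign."""
    if event.get("path") != VULN_PATH:
        return None
    value = str(event.get("params", {}).get(VULN_PARAM, ""))
    reasons = []
    if len(value) > MAX_LEN:
        reasons.append(f"{VULN_PARAM} length {len(value)} exceeds {MAX_LEN}")
    if any(not 32 <= ord(c) < 127 for c in value):
        reasons.append(f"non-printable bytes in {VULN_PARAM}")
    if not reasons:
        return None
    return {"src": event.get("src"), "ts": event.get("ts"), "reasons": reasons}


def scan(lines: Iterable[str]) -> list:
    """Scan JSON-lines request records and collect findings in log order."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole scan
        finding = inspect(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample records (assumed export format: one JSON object per
# request, with the form parameters the client submitted).
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "ts": "2025-06-25T20:01:00Z", "path": "/goform/formSetEnableWizard", "params": {"curTime": "2025/06/25 20:01:00"}}',
    '{"src": "192.0.2.11", "ts": "2025-06-25T20:02:00Z", "path": "/goform/formLogin", "params": {"username": "admin"}}',
    '{"src": "203.0.113.7", "ts": "2025-06-25T20:09:00Z", "path": "/goform/formSetEnableWizard", "params": {"curTime": "' + "A" * 300 + '"}}',
    '{"src": "203.0.113.8", "ts": "2025-06-25T20:10:00Z", "path": "/goform/formSetEnableWizard", "params": {"curTime": "2025\\u0001\\u0002"}}',
    'not json at all',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']}: {'; '.join(f['reasons'])}")
```

Any hit from an address outside the trusted management network is worth treating as an attempted exploitation, since the endpoint requires authentication and a legitimate wizard submission never carries a long curTime value.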

Priority Score

64 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20
