Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
CVE-2025-6373 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formSetWizard1 function via the /goform/formWlSiteSurvey endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.
Technical ContextAI
The vulnerability exists in a stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) within the wireless site survey form handler on the D-Link DIR-619L router. The formSetWizard1 function fails to properly validate or bounds-check the 'curTime' input parameter before copying it into a fixed-size stack buffer. D-Link DIR-619L is a legacy wireless N router (CPE: cpe:2.3:h:d-link:dir-619l:-:*:*:*:*:*:*:*) running firmware 2.06B01. The vulnerable endpoint /goform/formWlSiteSurvey is accessible through HTTP POST requests via the router's web administration interface. This is a classic memory safety issue common in embedded device firmware written in C/C++ without proper input validation hygiene.
RemediationAI
Immediate remediation is unavailable via patching (end-of-life product). Recommended actions: (1) DECOMMISSION affected DIR-619L devices and replace with supported hardware from D-Link or alternative vendors; (2) If continued operation is necessary: implement strict network segmentation to restrict web interface access to trusted administrative networks only, disable UPnP/remote management, enforce strong authentication (change default credentials immediately if not already done), and monitor for suspicious access patterns; (3) Deploy WAF/IDS rules to detect POST requests to /goform/formWlSiteSurvey with oversized or malformed 'curTime' parameters; (4) Consider using an external router/firewall to proxy administration traffic and apply input filtering. No patch will be issued by D-Link.
More in Dir 619l Firmware
View allD-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. Rated critical severity (CVSS
D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. Rat
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. Rated critical se
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter funct
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwa
CVE-2025-6617 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affect
A stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetWAN
CVE-2025-6615 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affect
CVE-2025-6614 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affect
CVE-2025-6374 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01, affecting the
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available
CVE-2025-6369 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L v2.06B01 affecting the /goform/
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18795