EUVD-2025-19104CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
CVE-2025-6615 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formAutoDetecWAN_wizard4 function. An authenticated remote attacker can exploit improper handling of the 'curTime' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.
Technical Context
The vulnerability exists in the web management interface of D-Link DIR-619L routers, specifically in the /goform/formAutoDetecWAN_wizard4 endpoint. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating unsafe string handling without bounds checking on the 'curTime' parameter. This parameter is processed by the formAutoDetecWAN_wizard4 function without validating input length, allowing an attacker to write beyond allocated stack memory. The affected product is a consumer-grade wireless router from D-Link's legacy product line (DIR-619L series), identified by CPE pattern: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*. The vulnerability leverages HTTP POST requests to the management interface, suggesting the web server processes user input directly into fixed-size stack buffers.
Affected Products
D-Link DIR-619L, firmware version 2.06B01 (confirmed affected). The DIR-619L is a 300Mbps wireless N router marketed from approximately 2010-2014. No patched firmware versions are available as the product reached end-of-life status. Related DIR-6xx series routers may share vulnerable code patterns but are not explicitly confirmed in this CVE. Affected CPE: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*. D-Link discontinued support for this product line years ago; no vendor advisory or patch will be issued.
Remediation
(1) **Primary**: Discontinue use of DIR-619L routers and replace with current-generation, actively-supported D-Link or third-party router firmware. (2) **If replacement not feasible**: Implement network-level mitigations: restrict HTTP/HTTPS access to the router management interface to trusted static IPs only; disable remote management; deploy the router behind a VPN or DMZ with strict firewall rules; isolate the router to a dedicated, non-production network segment. (3) **Workaround**: Change default administrative credentials to strong, unique passwords; disable UPnP; disable WPS; enable access control lists (ACLs) to restrict admin interface access. (4) **Monitoring**: Inspect router logs for POST requests to /goform/formAutoDetecWAN_wizard4 endpoint; monitor for unexpected firmware modifications or system behavior. (5) **No patch available**: Vendor will not release patches for end-of-life hardware. Third-party OpenWrt or DD-WRT firmware may provide alternative, maintained OS but compatibility with DIR-619L should be verified before deployment.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today