CVE-2025-6616

| EUVD-2025-19123 HIGH
2025-06-25 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19123
PoC Detected
Jul 14, 2025 - 17:18 vuln.today
Public exploit code
CVE Published
Jun 25, 2025 - 17:15 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link RCE Dir 619l Firmware

Description

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

A stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetWAN_Wizard51 function's handling of the curTime parameter. An authenticated attacker can exploit this remotely to achieve complete system compromise (confidentiality, integrity, and availability), and the exploit has been publicly disclosed with no vendor patches available since the product is end-of-life.

Technical Context

The vulnerability is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in a firmware web interface handler function. The /goform/formSetWAN_Wizard51 endpoint in D-Link DIR-619L accepts user-supplied input via the curTime parameter without proper bounds validation, allowing an attacker to write beyond allocated stack memory. This corrupts the call stack and enables arbitrary code execution. The affected product (CPE likely: cpe:2.3:o:dlink:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*) is a consumer-grade wireless router running proprietary D-Link firmware based on embedded Linux, where such input validation flaws are common in CGI form handlers.

Affected Products

D-Link DIR-619L firmware version 2.06B01 and potentially earlier versions in the 2.x series. CPE: cpe:2.3:o:dlink:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*. D-Link has ended support for this product line; no patch versions or security updates are available from the vendor. This affects all hardware running the vulnerable firmware (DIR-619L routers with firmware 2.06B01).

Remediation

No vendor patches are available due to end-of-life status. Remediation options: (1) RETIRE affected hardware: Replace DIR-619L devices with current, supported router models; (2) NETWORK SEGMENTATION: Isolate DIR-619L routers from untrusted networks and restrict access to the web management interface (port 80/443) to trusted internal IPs only via firewall rules; (3) DISABLE WAN WIZARD: If retirement is not immediately possible, disable or restrict access to the /goform/formSetWAN_Wizard51 endpoint through web server configuration (remove or restrict CGI handlers); (4) MONITOR: Log and alert on authentication attempts to the router's web interface. No security patches or firmware updates exist; hardware replacement is the definitive remediation.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20

Share

CVE-2025-6616 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy