CVE-2025-6617

| EUVD-2025-28755 HIGH
2025-06-25 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-28755
PoC Detected
Jul 14, 2025 - 17:18 vuln.today
Public exploit code
CVE Published
Jun 25, 2025 - 17:15 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link Stack Overflow RCE Dir 619l Firmware

Description

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6617 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the /goform/formAdvanceSetup endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'webpage' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impacts). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

Technical Context

This vulnerability exists in the formAdvanceSetup function within the D-Link DIR-619L wireless router's web management interface. The root cause is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) where user-supplied input via the 'webpage' parameter is not properly validated or length-checked before being written to a stack buffer. The DIR-619L is a legacy 802.11n WiFi router running proprietary D-Link firmware. The vulnerable endpoint /goform/formAdvanceSetup is part of the router's administrative web interface, typically accessible via HTTP/HTTPS on port 80/443. The affected CPE would be: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*. The vulnerability requires authentication (PR:L in CVSS vector), indicating an attacker must first obtain valid credentials or exploit a prior authentication bypass.

Affected Products

DIR-619L (['2.06B01'])

Remediation

**Patch Status**: No security patch is available from D-Link due to the DIR-619L being EOL. **Remediation Options (in priority order)**: (1) **Replacement**: Retire the DIR-619L and replace with a current, actively maintained router model receiving security updates; (2) **Network Isolation**: If continued use is necessary, isolate the router on a trusted management VLAN with restricted access to router administrative credentials; (3) **Credential Management**: Change default administrative credentials to a strong, unique password to increase authentication barrier (partial mitigation only); (4) **Firmware Verification**: Confirm no unauthorized firmware modifications exist; (5) **Access Control**: Restrict administrative interface access to trusted IP ranges only via router configuration; (6) **Monitoring**: Implement network monitoring to detect anomalous outbound traffic from the router indicating compromise. **Why Workarounds Are Limited**: The lack of vendor support means no vendor advisory or patch will be published. Organizations must treat this as a permanent vulnerability requiring compensating controls or hardware replacement.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20

Share

CVE-2025-6617 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy