EUVD-2025-18372
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Technical Context
The vulnerability exists in the web management interface of the D-Link DIR-619L wireless router (CPE: cpe:2.3:h:d-link:dir-619l:2.06b01:*:*:*:*:*:*:*). The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow occurring when user-supplied input to the form_macfilter function parameters (mac_hostname_%d and sched_name_%d) is not properly validated before being written to stack memory. These parameters likely relate to MAC address filtering and scheduler name configuration features. Without bounds checking, an attacker can overflow the stack buffer, overwriting return addresses and other critical stack data. The vulnerability requires authentication (PR:L in CVSS vector), indicating the attacker must have valid credentials or the router's default authentication must be bypassed—a common scenario with consumer routers using default credentials.
Affected Products
D-Link DIR-619L wireless router, specifically firmware version 2.06B01 and potentially earlier versions. No patches are available from D-Link as this product has reached end-of-support status. CPE: cpe:2.3:h:d-link:dir-619l:2.06b01:*:*:*:*:*:*:*. Potential variants may include other DIR-619L revisions, though version 2.06B01 is explicitly confirmed vulnerable. Users with DIR-619L should assume all firmware versions up to and including 2.06B01 are affected unless explicitly patched (unlikely given EOL status).
Remediation
No vendor patches are available due to end-of-life product status. Recommended remediation options in priority order: (1) **Retire the affected device**—Replace DIR-619L with a currently supported router model receiving active security updates; (2) **Network segmentation**—If replacement is not immediately possible, isolate the router to a restricted management VLAN accessible only to trusted administrators, disable remote management features (HTTPS admin interface), and restrict access to the web interface to specific internal IP addresses via firewall rules; (3) **Credential hardening**—Change default admin credentials to a strong, unique password; disable WPS; (4) **Monitor for exploitation**—Monitor router logs for suspicious web interface access attempts, unusual process execution, or memory dumps; (5) **Avoid untrusted networks**—Do not expose the router to untrusted network segments or the public internet. No workarounds can fully mitigate a stack buffer overflow vulnerability in firmware code without patching.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today