EUVD-2025-18738

| CVE-2025-6334 HIGH
2025-06-20 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-18738
CVE Published
Jun 20, 2025 - 11:15 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link RCE Remote Code Execution Dir 867 Firmware

Description

A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6334 is a critical stack-based buffer overflow vulnerability in D-Link DIR-867 1.0 routers, affecting the Query String Handler's strncpy function implementation. Remote attackers with low privileges can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has documented public exploits available, affects end-of-life hardware no longer receiving vendor support, and carries a high CVSS 3.1 score of 8.8.

Technical Context

The vulnerability resides in the Query String Handler component of the D-Link DIR-867 firmware, specifically in improper use of the strncpy() function. CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) indicates the root cause is classic buffer overflow due to unsafe string handling without proper bounds checking. The Query String Handler processes HTTP request parameters, making it network-accessible. D-Link DIR-867 is a dual-band AC1900 wireless router; CPE identifier would be 'cpe:2.3:h:d-link:dir-867:1.0:*:*:*:*:*:*:*'. The strncpy function, when misused without enforcing null termination or validating input length against destination buffer size, allows stack frame corruption when processing oversized query strings through the web interface or API endpoints.

Affected Products

D-Link DIR-867 firmware version 1.0 (CPE: cpe:2.3:h:d-link:dir-867:1.0:*:*:*:*:*:*:*). The vulnerability affects all DIR-867 1.0 devices; no CPE indicates later versions were patched or this product line was discontinued. The device is a residential/SMB dual-band AC1900 WiFi router. No vendor advisory links are available per the description, consistent with end-of-life status.

Remediation

No patches are available from D-Link due to end-of-life support status. Remediation options are limited: (1) HARDWARE REPLACEMENT: Migrate to a current, supported router model from D-Link or another vendor receiving active security updates; (2) NETWORK ISOLATION: Restrict administrative access to the router's web interface via firewall rules, VPN-only administration, or air-gapping from untrusted networks; (3) CREDENTIAL HARDENING: Change default admin credentials immediately and use strong, unique passwords to slow credential-based exploitation; (4) DISABLE REMOTE MANAGEMENT: Turn off any remote management features if exposed to WAN; (5) MONITOR: Implement network monitoring for suspicious admin interface access attempts. These are workarounds only—complete remediation requires hardware replacement.

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: 0

Share

EUVD-2025-18738 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy