EUVD-2025-18793

| CVE-2025-6368 HIGH
2025-06-20 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-18793
PoC Detected
Jun 25, 2025 - 20:09 vuln.today
Public exploit code
CVE Published
Jun 20, 2025 - 22:15 nvd
HIGH 8.8

Tags

Buffer Overflow D-Link RCE Dir 619l Firmware

Description

A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

A critical stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetEmail function via the curTime and config.smtp_email_subject parameters. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code has been disclosed, and the affected product is end-of-life with no vendor support available.

Technical Context

The vulnerability is a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the /goform/formSetEmail endpoint of D-Link DIR-619L routers running firmware 2.06B01. The vulnerability exists in the email configuration functionality where user-supplied input via the curTime or config.smtp_email_subject parameters is copied into a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the stack, including return addresses, enabling arbitrary code execution. The affected product is a consumer-grade wireless router with legacy embedded Linux-based firmware. CPE specification: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*

Affected Products

DIR-619L (['2.06B01'])

Remediation

Primary: Device Replacement; description: Since D-Link DIR-619L 2.06B01 is end-of-life with no patch availability, the only reliable remediation is to replace the affected device with a current-generation router from D-Link or another vendor that receives active security updates. Secondary: Network Isolation (Temporary Mitigation); description: If device replacement is not immediately possible: (1) Isolate the router from the internet or place it behind a firewall that blocks access to the /goform/formSetEmail endpoint; (2) Restrict administrative access to the device's web interface to trusted IP addresses only; (3) Change default credentials to strong, unique passwords; (4) Disable remote management features if enabled. Tertiary: Network Monitoring; description: Monitor network traffic for suspicious POST requests to /goform/formSetEmail with oversized payloads or unexpected parameter values. Monitor device logs for evidence of unauthorized access or configuration changes. Preventive: Vendor Advisory Check; description: No vendor patch is available. D-Link has not issued a security advisory for this device due to end-of-life status. Users should consult D-Link's product lifecycle documentation.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20

Share

EUVD-2025-18793 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy