CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
CVE-2025-6614 is a critical stack-based buffer overflow in D-Link DIR-619L firmware version 2.06B01, affecting the WAN configuration function. An authenticated remote attacker can exploit it by manipulating the 'curTime' parameter to achieve remote code execution and full system compromise (confidentiality, integrity, and availability impacts). A public exploit has been disclosed, and the vulnerability affects only end-of-life products that no longer receive vendor support.
Technical Context
This vulnerability exists in the formSetWANType_Wizard5 CGI handler located at /goform/formSetWANType_Wizard5, which processes WAN type configuration requests on D-Link DIR-619L routers. The root cause is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable code fails to properly validate the length of the 'curTime' input parameter before copying it into a fixed-size stack buffer, allowing an attacker to write beyond allocated memory boundaries. D-Link DIR-619L is a consumer-grade wireless router (CPE: cpe:2.3:h:d-link:dir-619l:*:*:*:*:*:*:*:*) running firmware 2.06B01 or earlier (CPE: cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*). The CGI application likely uses unsafe C functions (strcpy, sprintf, or similar) without bounds checking.
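As an added illustration (not the DIR-619L firmware code), the unbounded-copy pattern the analysis describes beside a hardened handler that validates curTime before copying; the 32-byte buffer, the digits-only format and the names wan_wizard_unsafe, wan_wizard_safe and copy_cur_time are assumptions made for this example:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed illustration of the CWE-119 pattern described above, not the
 * DIR-619L firmware. Buffer size, function names and the expected curTime
 * format (decimal digits only) are assumptions. */
#define CURTIME_BUF 32
/* Vulnerable pattern: unbounded copy, so a long curTime runs past buf into the saved frame. */
void wan_wizard_unsafe(const char *cur_time)
{
    char buf[CURTIME_BUF];
    strcpy(buf, cur_time);                   /* CWE-119: no length check */
    printf("curTime=%s\n", buf);
}

/* Hardened replacement: scan at most dst_len bytes, reject anything empty,
 * non-numeric or too long to fit with its NUL, and copy only afterwards. */
bool copy_cur_time(const char *cur_time, char *dst, size_t dst_len)
{
    if (cur_time == NULL || dst == NULL || dst_len == 0)
        return false;
    size_t n = 0;
    while (n < dst_len && cur_time[n] != '\0') {
        if (cur_time[n] < '0' || cur_time[n] > '9')
            return false;                    /* assumed format violated */
        n++;
    }
    if (n == 0 || n >= dst_len)
        return false;                        /* empty, or no room for NUL */
    memcpy(dst, cur_time, n);
    dst[n] = '\0';
    return true;
}

/* Hardened handler: returns 0 when curTime was accepted, -1 when rejected. */
int wan_wizard_safe(const char *cur_time)
{
    char buf[CURTIME_BUF];
    if (!copy_cur_time(cur_time, buf, sizeof buf))
        return -1;                           /* request rejected, stack intact */
    printf("curTime=%s\n", buf);
    return 0;
}

int main(void)
{   /* constructed inputs: a benign value, then 40 digits that would overflow buf */
    printf("%d\n", wan_wizard_safe("1718000000"));
    printf("%d\n", wan_wizard_safe("9999999999" "9999999999" "9999999999" "9999999999"));
    return 0;
}
```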
Affected Products
D-Link DIR-619L wireless router, firmware version 2.06B01 and potentially earlier versions. CPE: cpe:2.3:h:d-link:dir-619l:*:*:*:*:*:*:*:*; cpe:2.3:o:d-link:dir-619l_firmware:2.06b01:*:*:*:*:*:*:*. No patched versions are available from the vendor, as D-Link has discontinued support for this product line; the end-of-life status is confirmed by the vulnerability description. Affected deployments typically include small office/home office (SOHO) networks, legacy corporate branch offices, and resource-constrained environments where older hardware remains in service.
Remediation
Primary remediation: No vendor security patches exist for CVE-2025-6614 because the DIR-619L product line is end-of-life. Users must replace affected routers with current, supported D-Link models or with devices from another vendor.
Interim mitigations (if replacement is not immediately feasible):
(1) Restrict administrative access through network segmentation: disable remote (WAN-side) management and limit access to trusted LAN subnets only.
(2) Where possible, block or restrict access to the /goform/formSetWANType_Wizard5 endpoint with firewall rules.
(3) Change default credentials and enforce strong administrative passwords; exploitation requires an authenticated session (PR:L), so credential hygiene directly limits exposure.
(4) Isolate affected routers on separate VLANs with limited trust relationships.
(5) Monitor router logs for CGI-related errors or unusual parameter submissions, such as unexpectedly long curTime values.
Long-term: Plan and execute device replacement with hardware whose firmware receives active security maintenance.
EUVD-2025-19105