EUVD-2025-28731

CVE-2025-6374 HIGH
2025-06-21 [email protected]
CVSS 3.1: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 21:35 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 21:35 (euvd), EUVD-2025-28731
PoC Detected: Jun 25, 2025 - 20:10 (vuln.today), Public exploit code
CVE Published: Jun 21, 2025 - 01:15 (nvd), HIGH 8.8

Description

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-6374 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01, affecting the formSetACLFilter function's curTime parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this end-of-life product, making it an immediate concern for organizations still operating legacy D-Link equipment.

Technical Context

This vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable endpoint /goform/formSetACLFilter in D-Link DIR-619L's web management interface fails to properly validate the length of the 'curTime' parameter before copying it into a fixed-size stack buffer. The DIR-619L is a legacy WLAN router (CPE likely: cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*) running embedded Linux with a custom web interface. The vulnerability exists in the firmware's CGI handler that processes Access Control List (ACL) filter configuration requests. Without proper bounds checking, an attacker can overflow the stack, overwriting return addresses and other critical data structures to redirect execution flow.

Affected Products

D-Link DIR-619L firmware version 2.06B01 and potentially earlier versions. Affected device CPE: cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*. No patch is available from D-Link as the product reached end-of-support status. Users of this router model should verify their firmware version in the device web interface (typically accessible at 192.168.0.1) under System Settings or Administration > Firmware Version.

Remediation

No official patch will be released by D-Link for this end-of-life product. Recommended actions:

(1) Immediate: Disable remote management access to the router's web interface by disabling WAN-side access to port 80/443 via firewall rules.
(2) Network isolation: Segregate affected routers to restricted network segments with minimal trust.
(3) Access control: Enforce strong authentication credentials and disable default accounts.
(4) Replacement: Migrate to current D-Link router models with active vendor support and security updates.
(5) Monitoring: Deploy network IDS/IPS rules to detect exploitation attempts targeting /goform/formSetACLFilter with oversized curTime parameters.
(6) Workaround: Restrict web interface access to trusted local networks only and disable any remote management features.
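The monitoring action in item (5) can be prototyped as a length check on curTime. The following is an added example, not code from this page, D-Link, or any IDS vendor. It assumes raw HTTP requests are available from a proxy or packet capture, and the 32-byte threshold and the helper names are assumptions, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/formSetACLFilter"  # endpoint named in the advisory
PARAM = "curTime"                         # parameter named in the advisory
MAX_CURTIME_LEN = 32  # ASSUMPTION: set just above the longest legitimate value you observe


def curtime_lengths(raw_request: bytes) -> list[int]:
    """Decoded byte length of every curTime value in one raw HTTP request.

    Checks the query string and a form-urlencoded body. Returns [] if the
    request does not target TARGET_PATH or cannot be parsed.
    """
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return []
    try:
        url = urlsplit(parts[1])
    except ValueError:
        return []
    if unquote(url.path).rstrip("/") != TARGET_PATH:
        return []
    # latin-1 maps each byte to one character, so len() counts decoded bytes
    # even when the value is percent-encoded or not valid UTF-8.
    opts = dict(keep_blank_values=True, encoding="latin-1")
    pairs = parse_qsl(url.query, **opts) + parse_qsl(body.decode("latin-1"), **opts)
    return [len(value) for name, value in pairs if name == PARAM]


def is_suspicious(raw_request: bytes, max_len: int = MAX_CURTIME_LEN) -> bool:
    """True when any curTime value is longer than max_len bytes."""
    return any(n > max_len for n in curtime_lengths(raw_request))


def sample_request(form_body: str, target: str = TARGET_PATH) -> bytes:
    """Build a CONSTRUCTED request for testing the check (not captured traffic)."""
    body = form_body.encode("latin-1")
    head = (f"POST {target} HTTP/1.1\r\nHost: 192.168.0.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


if __name__ == "__main__":
    for label, body in [("normal", "curTime=1750468500"),
                        ("oversized", "curTime=" + "x" * 200),
                        ("encoded-short", "curTime=" + "%78" * 20)]:
        req = sample_request(body)
        print(label, curtime_lengths(req), is_suspicious(req))
```

Measuring the decoded length avoids false positives on short percent-encoded values and catches repeated curTime parameters in either the query string or the body.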

Priority Score

64 (KEV: 0, EPSS: +0.2, CVSS: +44, POC: +20)
