ID

VAR-202503-2603


CVE

CVE-2025-2550


TITLE

Vulnerability regarding improper permission settings in D-Link Systems, Inc. DIR-618 and DIR-605L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010248

DESCRIPTION

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The DIR-618 and DIR-605L firmware from D-Link Systems, Inc. contains vulnerabilities related to improper permission settings and access control. Information may be tampered with. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to configure the device's DDNS service.

Trust: 2.16

sources: NVD: CVE-2025-2550 // JVNDB: JVNDB-2025-010248 // CNVD: CNVD-2025-11321

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11321

AFFECTED PRODUCTS

vendor: dlink, model: dir-605l, scope: eq, version: 3.02

Trust: 1.0

vendor: dlink, model: dir-618, scope: eq, version: 2.02

Trust: 1.0

vendor: d link, model: dir-605l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-618, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-618, scope: eq, version: 2.02

Trust: 0.6

vendor: d link, model: dir-605l, scope: eq, version: 3.02

Trust: 0.6

sources: CNVD: CNVD-2025-11321 // JVNDB: JVNDB-2025-010248 // NVD: CVE-2025-2550

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2550
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-010248
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-11321
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-2550
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-010248
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11321
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2550
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-010248
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11321 // JVNDB: JVNDB-2025-010248 // NVD: CVE-2025-2550

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010248 // NVD: CVE-2025-2550

EXTERNAL IDS

db: NVD, id: CVE-2025-2550

Trust: 3.2

db: VULDB, id: 300164

Trust: 1.8

db: JVNDB, id: JVNDB-2025-010248

Trust: 0.8

db: CNVD, id: CNVD-2025-11321

Trust: 0.6

sources: CNVD: CNVD-2025-11321 // JVNDB: JVNDB-2025-010248 // NVD: CVE-2025-2550

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formsetddns-1b153a41781f80feb80bd24afc8f83d5?pvs=4

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formsetddns-1b053a41781f80659702da9a589e4f4a?pvs=4

Trust: 1.8

url:https://vuldb.com/?id.300164

Trust: 1.8

url:https://vuldb.com/?submit.516792

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.300164

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2550

Trust: 0.8

sources: CNVD: CNVD-2025-11321 // JVNDB: JVNDB-2025-010248 // NVD: CVE-2025-2550

SOURCES

db: CNVD, id: CNVD-2025-11321
db: JVNDB, id: JVNDB-2025-010248
db: NVD, id: CVE-2025-2550

LAST UPDATE DATE

2025-08-02T23:14:07.311000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11321, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-010248, date: 2025-07-30T08:36:00
db: NVD, id: CVE-2025-2550, date: 2025-07-14T18:15:02.667

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11321, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-010248, date: 2025-07-30T00:00:00
db: NVD, id: CVE-2025-2550, date: 2025-03-20T17:15:38.903