Details of VAR-202503-2603

ID

VAR-202503-2603

CVE

CVE-2025-2550

TITLE

D-Link DIR-605L/DIR-618 formSetDDNS function access control error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-11321

DESCRIPTION

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to configure the device's DDNS service

Trust: 1.44

sources: NVD: CVE-2025-2550 // CNVD: CNVD-2025-11321

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11321

AFFECTED PRODUCTS

vendor:	d link	model:	dir-618	scope:	eq	version:	2.02	Trust: 0.6
vendor:	d link	model:	dir-605l	scope:	eq	version:	3.02	Trust: 0.6

sources: CNVD: CNVD-2025-11321

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-2550
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-11321
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2025-2550
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-11321
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-2550
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-11321 // NVD: CVE-2025-2550

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0

sources: NVD: CVE-2025-2550

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2550	Trust: 1.6
db:	VULDB	id:	300164	Trust: 1.0
db:	CNVD	id:	CNVD-2025-11321	Trust: 0.6

sources: CNVD: CNVD-2025-11321 // NVD: CVE-2025-2550

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formsetddns-1b153a41781f80feb80bd24afc8f83d5?pvs=4	Trust: 1.6
url:	https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formsetddns-1b053a41781f80659702da9a589e4f4a?pvs=4	Trust: 1.0
url:	https://vuldb.com/?id.300164	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://vuldb.com/?submit.516792	Trust: 1.0
url:	https://vuldb.com/?ctiid.300164	Trust: 1.0

sources: CNVD: CNVD-2025-11321 // NVD: CVE-2025-2550

SOURCES

db:	CNVD	id:	CNVD-2025-11321
db:	NVD	id:	CVE-2025-2550

LAST UPDATE DATE

2025-06-05T23:12:48.040000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11321	date:	2025-06-04T00:00:00
db:	NVD	id:	CVE-2025-2550	date:	2025-03-20T17:15:38.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11321	date:	2025-06-04T00:00:00
db:	NVD	id:	CVE-2025-2550	date:	2025-03-20T17:15:38.903