ID

VAR-202503-2657


CVE

CVE-2025-2546


TITLE

D-Link DIR-605L/DIR-618 formAdvFirewall function access control error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-11319

DESCRIPTION

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It affects unknown code in the file /goform/formAdvFirewall of the Firewall Service component. Manipulation of this handler leads to improper access controls. The attack must be carried out from within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-605L version 3.02 and D-Link DIR-618 version 2.02 have access control error vulnerabilities. Attackers can exploit this vulnerability to configure the device's firewall and DMZ services.

Trust: 1.44

sources: NVD: CVE-2025-2546 // CNVD: CNVD-2025-11319

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11319

AFFECTED PRODUCTS

vendor: d link, model: dir-618, scope: eq, version: 2.02

Trust: 0.6

vendor: d link, model: dir-605l, scope: eq, version: 3.02

Trust: 0.6

sources: CNVD: CNVD-2025-11319

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-2546
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-11319
value: LOW

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-2546
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-11319
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-2546
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-11319 // NVD: CVE-2025-2546

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

sources: NVD: CVE-2025-2546

EXTERNAL IDS

db: NVD, id: CVE-2025-2546

Trust: 1.6

db: VULDB, id: 300160

Trust: 1.0

db: CNVD, id: CNVD-2025-11319

Trust: 0.6

sources: CNVD: CNVD-2025-11319 // NVD: CVE-2025-2546

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formadvfirewall-1b153a41781f80aca28ec11da787f0e8?pvs=4

Trust: 1.6

url:https://vuldb.com/?id.300160

Trust: 1.0

url:https://vuldb.com/?ctiid.300160

Trust: 1.0

url:https://vuldb.com/?submit.516788

Trust: 1.0

url:https://www.dlink.com/

Trust: 1.0

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formadvfirewall-1b053a41781f801ca1a5e09bb83a22c5?pvs=4

Trust: 1.0

sources: CNVD: CNVD-2025-11319 // NVD: CVE-2025-2546

SOURCES

db: CNVD, id: CNVD-2025-11319
db: NVD, id: CVE-2025-2546

LAST UPDATE DATE

2025-06-05T23:17:42.783000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11319, date: 2025-06-04T00:00:00
db: NVD, id: CVE-2025-2546, date: 2025-03-20T15:15:46.420

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11319, date: 2025-06-03T00:00:00
db: NVD, id: CVE-2025-2546, date: 2025-03-20T15:15:46.420