ID

VAR-202503-2657


CVE

CVE-2025-2546


TITLE

Improper permission settings vulnerability in D-Link Systems, Inc. DIR-618 and DIR-605L firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008965

DESCRIPTION

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack must be carried out from within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link Systems, Inc. DIR-618 and DIR-605L firmware contains vulnerabilities related to improper permission settings and access control. Information may be tampered with. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-605L version 3.02 and D-Link DIR-618 version 2.02 have access control error vulnerabilities. Attackers can use this vulnerability to set up the device's firewall and DMZ services.

Trust: 2.16

sources: NVD: CVE-2025-2546 // JVNDB: JVNDB-2025-008965 // CNVD: CNVD-2025-11319

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11319

AFFECTED PRODUCTS

vendor: dlink, model: dir-605l, scope: eq, version: 3.02

Trust: 1.0

vendor: dlink, model: dir-618, scope: eq, version: 2.02

Trust: 1.0

vendor: d link, model: dir-605l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-618, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-618, scope: eq, version: 2.02

Trust: 0.6

vendor: d link, model: dir-605l, scope: eq, version: 3.02

Trust: 0.6

sources: CNVD: CNVD-2025-11319 // JVNDB: JVNDB-2025-008965 // NVD: CVE-2025-2546

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2546
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-008965
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-11319
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-2546
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008965
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11319
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2546
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008965
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11319 // JVNDB: JVNDB-2025-008965 // NVD: CVE-2025-2546

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008965 // NVD: CVE-2025-2546

EXTERNAL IDS

db: NVD, id: CVE-2025-2546

Trust: 3.2

db: VULDB, id: 300160

Trust: 1.8

db: JVNDB, id: JVNDB-2025-008965

Trust: 0.8

db: CNVD, id: CNVD-2025-11319

Trust: 0.6

sources: CNVD: CNVD-2025-11319 // JVNDB: JVNDB-2025-008965 // NVD: CVE-2025-2546

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formadvfirewall-1b153a41781f80aca28ec11da787f0e8?pvs=4

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formadvfirewall-1b053a41781f801ca1a5e09bb83a22c5?pvs=4

Trust: 1.8

url:https://vuldb.com/?id.300160

Trust: 1.8

url:https://vuldb.com/?submit.516788

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.300160

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2546

Trust: 0.8

sources: CNVD: CNVD-2025-11319 // JVNDB: JVNDB-2025-008965 // NVD: CVE-2025-2546

SOURCES

db: CNVD, id: CNVD-2025-11319
db: JVNDB, id: JVNDB-2025-008965
db: NVD, id: CVE-2025-2546

LAST UPDATE DATE

2025-07-17T23:49:52.026000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-11319, date: 2025-06-04T00:00:00
db: JVNDB, id: JVNDB-2025-008965, date: 2025-07-16T04:42:00
db: NVD, id: CVE-2025-2546, date: 2025-07-15T18:37:41.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-11319, date: 2025-06-03T00:00:00
db: JVNDB, id: JVNDB-2025-008965, date: 2025-07-16T00:00:00
db: NVD, id: CVE-2025-2546, date: 2025-03-20T15:15:46.420