Sign-up

ID

VAR-202503-2674


CVE

CVE-2025-2549


TITLE

D-Link Systems, Inc.  of  DIR-618  firmware and  DIR-605L  Vulnerability regarding improper permission settings in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008964

DESCRIPTION

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-618 firmware and DIR-605L The firmware contains vulnerabilities related to improper permission settings and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and D-Link DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to set the device's password

Trust: 2.16

sources: NVD: CVE-2025-2549 // JVNDB: JVNDB-2025-008964 // CNVD: CNVD-2025-11323

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11323

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-605lscope:eqversion:3.02

Trust: 1.0

vendor:dlinkmodel:dir-618scope:eqversion:2.02

Trust: 1.0

vendor:d linkmodel:dir-605lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-618scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-618scope:eqversion:2.02

Trust: 0.6

vendor:d linkmodel:dir-605lscope:eqversion:3.02

Trust: 0.6

sources: CNVD: CNVD-2025-11323 // JVNDB: JVNDB-2025-008964 // NVD: CVE-2025-2549

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2549
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-2549
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008964
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-11323
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-2549
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008964
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-11323
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2549
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-2549
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-008964
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11323 // JVNDB: JVNDB-2025-008964 // NVD: CVE-2025-2549 // NVD: CVE-2025-2549

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008964 // NVD: CVE-2025-2549

EXTERNAL IDS

db:NVDid:CVE-2025-2549

Trust: 3.2

db:VULDBid:300163

Trust: 1.8

db:JVNDBid:JVNDB-2025-008964

Trust: 0.8

db:CNVDid:CNVD-2025-11323

Trust: 0.6

sources: CNVD: CNVD-2025-11323 // JVNDB: JVNDB-2025-008964 // NVD: CVE-2025-2549

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formsetpassword-1b153a41781f803d8166f9b551b30cd4?pvs=4

Trust: 2.4

url:https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formsetpassword-1b053a41781f8021b704f7dfeb1fcd09?pvs=4

Trust: 1.8

url:https://vuldb.com/?id.300163

Trust: 1.8

url:https://vuldb.com/?submit.516791

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.300163

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2549

Trust: 0.8

sources: CNVD: CNVD-2025-11323 // JVNDB: JVNDB-2025-008964 // NVD: CVE-2025-2549

SOURCES

db:CNVDid:CNVD-2025-11323
db:JVNDBid:JVNDB-2025-008964
db:NVDid:CVE-2025-2549

LAST UPDATE DATE

2025-07-17T23:38:03.797000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11323date:2025-06-04T00:00:00
db:JVNDBid:JVNDB-2025-008964date:2025-07-16T04:42:00
db:NVDid:CVE-2025-2549date:2025-07-15T18:42:50.367

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11323date:2025-06-04T00:00:00
db:JVNDBid:JVNDB-2025-008964date:2025-07-16T00:00:00
db:NVDid:CVE-2025-2549date:2025-03-20T17:15:38.693