Details of VAR-202503-2674

ID

VAR-202503-2674

CVE

CVE-2025-2549

TITLE

D-Link DIR-605L/DIR-618 formSetPassword function access control error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-11323

DESCRIPTION

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China's D-Link. D-Link DIR-618 version 2.02 and D-Link DIR-605L version 3.02 have access control error vulnerabilities. Attackers can use this vulnerability to set the device's password

Trust: 1.44

sources: NVD: CVE-2025-2549 // CNVD: CNVD-2025-11323

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11323

AFFECTED PRODUCTS

vendor:	d link	model:	dir-618	scope:	eq	version:	2.02	Trust: 0.6
vendor:	d link	model:	dir-605l	scope:	eq	version:	3.02	Trust: 0.6

sources: CNVD: CNVD-2025-11323

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-2549
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-11323
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2025-2549
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-11323
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-2549
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-11323 // NVD: CVE-2025-2549

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0

sources: NVD: CVE-2025-2549

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2549	Trust: 1.6
db:	VULDB	id:	300163	Trust: 1.0
db:	CNVD	id:	CNVD-2025-11323	Trust: 0.6

sources: CNVD: CNVD-2025-11323 // NVD: CVE-2025-2549

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/d-link-dir-605l-formsetpassword-1b153a41781f803d8166f9b551b30cd4?pvs=4	Trust: 1.6
url:	https://vuldb.com/?ctiid.300163	Trust: 1.0
url:	https://vuldb.com/?id.300163	Trust: 1.0
url:	https://vuldb.com/?submit.516791	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://lavender-bicycle-a5a.notion.site/d-link-dir-618-formsetpassword-1b053a41781f8021b704f7dfeb1fcd09?pvs=4	Trust: 1.0

sources: CNVD: CNVD-2025-11323 // NVD: CVE-2025-2549

SOURCES

db:	CNVD	id:	CNVD-2025-11323
db:	NVD	id:	CVE-2025-2549

LAST UPDATE DATE

2025-06-05T23:17:16.313000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11323	date:	2025-06-04T00:00:00
db:	NVD	id:	CVE-2025-2549	date:	2025-03-20T17:15:38.693

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11323	date:	2025-06-04T00:00:00
db:	NVD	id:	CVE-2025-2549	date:	2025-03-20T17:15:38.693