Details of VAR-202505-0223

ID

VAR-202505-0223

CVE

CVE-2025-4452

TITLE

D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005005

DESCRIPTION

A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router from D-Link of China. The vulnerability is caused by the failure of the curTime parameter of the formSetWizard2 function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4452 // JVNDB: JVNDB-2025-005005 // CNVD: CNVD-2025-11189

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11189

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-619l	scope:	eq	version:	2.04b04	Trust: 1.0
vendor:	d link	model:	dir-619l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	dir-619l firmware 2.04b04	Trust: 0.8
vendor:	d link	model:	dir-619l 2.04b04	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-11189 // JVNDB: JVNDB-2025-005005 // NVD: CVE-2025-4452

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4452
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-4452
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-005005
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-11189
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-4452
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-005005
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-11189
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4452
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-4452
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-005005
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11189 // JVNDB: JVNDB-2025-005005 // NVD: CVE-2025-4452 // NVD: CVE-2025-4452

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005005 // NVD: CVE-2025-4452

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4452	Trust: 3.2
db:	VULDB	id:	308066	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-005005	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11189	Trust: 0.6

sources: CNVD: CNVD-2025-11189 // JVNDB: JVNDB-2025-005005 // NVD: CVE-2025-4452

REFERENCES

url:	https://vuldb.com/?id.308066	Trust: 1.8
url:	https://vuldb.com/?submit.560795	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://github.com/jylsec/vuldb/blob/main/d-link/dlink_dir619l/buffer_overflow-formsetwizard2-curtime/readme.md	Trust: 1.6
url:	https://vuldb.com/?ctiid.308066	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4452	Trust: 0.8

sources: CNVD: CNVD-2025-11189 // JVNDB: JVNDB-2025-005005 // NVD: CVE-2025-4452

SOURCES

db:	CNVD	id:	CNVD-2025-11189
db:	JVNDB	id:	JVNDB-2025-005005
db:	NVD	id:	CVE-2025-4452

LAST UPDATE DATE

2025-06-01T23:05:45.122000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11189	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-005005	date:	2025-05-15T06:37:00
db:	NVD	id:	CVE-2025-4452	date:	2025-05-13T18:27:48.207

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11189	date:	2025-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-005005	date:	2025-05-15T00:00:00
db:	NVD	id:	CVE-2025-4452	date:	2025-05-09T02:15:19.630