ID

VAR-202506-0630


CVE

CVE-2025-5969


TITLE

D-Link DIR-632 /biurl_grou file buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-13066

DESCRIPTION

A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-632 is a router of D-Link, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-5969 // CNVD: CNVD-2025-13066

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13066

AFFECTED PRODUCTS

vendor: d link, model: dir-632 fw103b08, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-13066

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5969
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-13066
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-5969
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-13066
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5969
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13066 // NVD: CVE-2025-5969

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-5969

EXTERNAL IDS

db: NVD, id: CVE-2025-5969

Trust: 1.6

db: VULDB, id: 311845

Trust: 1.0

db: CNVD, id: CNVD-2025-13066

Trust: 0.6

sources: CNVD: CNVD-2025-13066 // NVD: CVE-2025-5969

REFERENCES

url:https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-fun_00425fd8

Trust: 1.6

url:https://vuldb.com/?ctiid.311845

Trust: 1.0

url:https://vuldb.com/?submit.592336

Trust: 1.0

url:https://www.dlink.com/

Trust: 1.0

url:https://vuldb.com/?id.311845

Trust: 1.0

url:https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-fun_00425fd8#poc

Trust: 1.0

sources: CNVD: CNVD-2025-13066 // NVD: CVE-2025-5969

SOURCES

db: CNVD, id: CNVD-2025-13066
db: NVD, id: CVE-2025-5969

LAST UPDATE DATE

2025-06-21T23:28:40.676000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13066, date: 2025-06-20T00:00:00
db: NVD, id: CVE-2025-5969, date: 2025-06-12T16:06:29.520

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13066, date: 2025-06-20T00:00:00
db: NVD, id: CVE-2025-5969, date: 2025-06-10T17:25:20.293