Details of VAR-202506-0796

ID

VAR-202506-0796

CVE

CVE-2025-6158

TITLE

D-Link Systems, Inc. of DIR-655 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009237

DESCRIPTION

A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-655 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-665 is a high-performance wireless router and a flagship product of D-Link. Attackers can exploit this vulnerability to cause remote code execution or service crash

Trust: 2.16

sources: NVD: CVE-2025-6158 // JVNDB: JVNDB-2025-009237 // CNVD: CNVD-2025-13519

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13519

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-655	scope:	eq	version:	1.00	Trust: 1.0
vendor:	d link	model:	dir-655	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-655	scope:	eq	version:	dir-655 firmware 1.00	Trust: 0.8
vendor:	d link	model:	dir-655	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-665	scope:	eq	version:	1	Trust: 0.6

sources: CNVD: CNVD-2025-13519 // JVNDB: JVNDB-2025-009237 // NVD: CVE-2025-6158

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6158
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009237
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13519
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6158
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009237
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-13519
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6158
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009237
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13519 // JVNDB: JVNDB-2025-009237 // NVD: CVE-2025-6158

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009237 // NVD: CVE-2025-6158

PATCH

title:

Patch for D-Link DIR-665 Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/699806

Trust: 0.6

sources: CNVD: CNVD-2025-13519

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6158	Trust: 3.2
db:	VULDB	id:	312633	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009237	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13519	Trust: 0.6

sources: CNVD: CNVD-2025-13519 // JVNDB: JVNDB-2025-009237 // NVD: CVE-2025-6158

REFERENCES

url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir665-dlink	Trust: 1.8
url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir665-dlink#poc	Trust: 1.8
url:	https://vuldb.com/?id.312633	Trust: 1.8
url:	https://vuldb.com/?submit.593161	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6158	Trust: 1.4
url:	https://vuldb.com/?ctiid.312633	Trust: 1.0

sources: CNVD: CNVD-2025-13519 // JVNDB: JVNDB-2025-009237 // NVD: CVE-2025-6158

SOURCES

db:	CNVD	id:	CNVD-2025-13519
db:	JVNDB	id:	JVNDB-2025-009237
db:	NVD	id:	CVE-2025-6158

LAST UPDATE DATE

2025-07-20T23:26:20.697000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13519	date:	2025-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2025-009237	date:	2025-07-18T04:50:00
db:	NVD	id:	CVE-2025-6158	date:	2025-07-16T17:00:25.983

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13519	date:	2025-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2025-009237	date:	2025-07-18T00:00:00
db:	NVD	id:	CVE-2025-6158	date:	2025-06-17T04:15:55.407