Details of VAR-202506-0909

ID

VAR-202506-0909

CVE

CVE-2025-6121

TITLE

D-Link Systems, Inc. of DIR-632 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007202

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-632 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-632 is a router from D-Link of China. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2025-6121 // JVNDB: JVNDB-2025-007202 // CNVD: CNVD-2025-15622

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15622

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-632	scope:	eq	version:	103b08	Trust: 1.0
vendor:	d link	model:	dir-632	scope:	eq	version:	dir-632 firmware 103b08	Trust: 0.8
vendor:	d link	model:	dir-632	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-632	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-632 103b08	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-15622 // JVNDB: JVNDB-2025-007202 // NVD: CVE-2025-6121

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6121
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007202
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-15622
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6121
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007202
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-15622
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6121
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007202
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15622 // JVNDB: JVNDB-2025-007202 // NVD: CVE-2025-6121

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007202 // NVD: CVE-2025-6121

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6121	Trust: 3.2
db:	VULDB	id:	312590	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007202	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15622	Trust: 0.6

sources: CNVD: CNVD-2025-15622 // JVNDB: JVNDB-2025-007202 // NVD: CVE-2025-6121

REFERENCES

url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-get_pure_content	Trust: 1.8
url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-get_pure_content#poc	Trust: 1.8
url:	https://vuldb.com/?id.312590	Trust: 1.8
url:	https://vuldb.com/?submit.592574	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6121	Trust: 1.4
url:	https://vuldb.com/?ctiid.312590	Trust: 1.0

sources: CNVD: CNVD-2025-15622 // JVNDB: JVNDB-2025-007202 // NVD: CVE-2025-6121

SOURCES

db:	CNVD	id:	CNVD-2025-15622
db:	JVNDB	id:	JVNDB-2025-007202
db:	NVD	id:	CVE-2025-6121

LAST UPDATE DATE

2025-07-15T23:40:06.540000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15622	date:	2025-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-007202	date:	2025-06-18T07:24:00
db:	NVD	id:	CVE-2025-6121	date:	2025-06-17T19:37:29.160

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15622	date:	2025-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-007202	date:	2025-06-18T00:00:00
db:	NVD	id:	CVE-2025-6121	date:	2025-06-16T12:15:19.970