Sign-up

ID

VAR-202506-1057


CVE

CVE-2025-6372


TITLE

D-Link DIR-619L formSetWizard1 stack overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-13334

DESCRIPTION

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router designed for home and small office environments. It adopts the IEEE 802.11n wireless standard and has a maximum transmission rate of 300Mbps. D-Link DIR-619L /goform/formSetWizard1 has a stack overflow vulnerability. The vulnerability is caused by improper memory buffer operation restrictions. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash or execute arbitrary code in the application context

Trust: 1.44

sources: NVD: CVE-2025-6372 // CNVD: CNVD-2025-13334

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13334

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-619lscope:eqversion:2.06b1

Trust: 1.0

vendor:d linkmodel:dir-619l 2.06b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-13334 // NVD: CVE-2025-6372

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6372
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-13334
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-6372
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-13334
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6372
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-13334 // NVD: CVE-2025-6372

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-6372

EXTERNAL IDS

db:NVDid:CVE-2025-6372

Trust: 1.6

db:VULDBid:313365

Trust: 1.0

db:CNVDid:CNVD-2025-13334

Trust: 0.6

sources: CNVD: CNVD-2025-13334 // NVD: CVE-2025-6372

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/d-link6/vuln_72/72.md

Trust: 1.6

url:https://vuldb.com/?submit.597426

Trust: 1.0

url:https://www.dlink.com/

Trust: 1.0

url:https://vuldb.com/?id.313365

Trust: 1.0

url:https://vuldb.com/?ctiid.313365

Trust: 1.0

sources: CNVD: CNVD-2025-13334 // NVD: CVE-2025-6372

SOURCES

db:CNVDid:CNVD-2025-13334
db:NVDid:CVE-2025-6372

LAST UPDATE DATE

2025-06-26T23:33:19.760000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-13334date:2025-06-24T00:00:00
db:NVDid:CVE-2025-6372date:2025-06-25T20:09:56.243

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-13334date:2025-06-24T00:00:00
db:NVDid:CVE-2025-6372date:2025-06-20T23:15:20.077