Details of VAR-202506-1060

ID

VAR-202506-1060

CVE

CVE-2025-6334

TITLE

D-Link Systems, Inc. of DIR-867 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008737

DESCRIPTION

A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-867 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-867 is a wireless router from D-Link, a Chinese company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2025-6334 // JVNDB: JVNDB-2025-008737 // CNVD: CNVD-2025-15624

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15624

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-867	scope:	eq	version:	1.0	Trust: 1.0
vendor:	d link	model:	dir-867	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-867	scope:	eq	version:	dir-867 firmware 1.0	Trust: 0.8
vendor:	d link	model:	dir-867	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-867	scope:	eq	version:	v1.0	Trust: 0.6

sources: CNVD: CNVD-2025-15624 // JVNDB: JVNDB-2025-008737 // NVD: CVE-2025-6334

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6334
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-008737
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-15624
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6334
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-008737
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-15624
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6334
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-008737
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15624 // JVNDB: JVNDB-2025-008737 // NVD: CVE-2025-6334

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-008737 // NVD: CVE-2025-6334

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6334	Trust: 3.2
db:	VULDB	id:	313330	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-008737	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15624	Trust: 0.6

sources: CNVD: CNVD-2025-15624 // JVNDB: JVNDB-2025-008737 // NVD: CVE-2025-6334

REFERENCES

url:	https://github.com/thir0th/thir0th-cve/blob/main/dir-867%20ac1750.md	Trust: 1.8
url:	https://vuldb.com/?id.313330	Trust: 1.8
url:	https://vuldb.com/?submit.596579	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6334	Trust: 1.4
url:	https://vuldb.com/?ctiid.313330	Trust: 1.0

sources: CNVD: CNVD-2025-15624 // JVNDB: JVNDB-2025-008737 // NVD: CVE-2025-6334

SOURCES

db:	CNVD	id:	CNVD-2025-15624
db:	JVNDB	id:	JVNDB-2025-008737
db:	NVD	id:	CVE-2025-6334

LAST UPDATE DATE

2025-07-16T23:30:00.354000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15624	date:	2025-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-008737	date:	2025-07-14T06:01:00
db:	NVD	id:	CVE-2025-6334	date:	2025-07-11T15:55:13.053

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15624	date:	2025-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-008737	date:	2025-07-14T00:00:00
db:	NVD	id:	CVE-2025-6334	date:	2025-06-20T11:15:22.083