Details of VAR-202506-1123

ID

VAR-202506-1123

CVE

CVE-2025-6368

TITLE

D-Link Systems, Inc. of DIR-619L Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009680

DESCRIPTION

A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-619L The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-619L is a wireless router designed for home and small office environments. It adopts the IEEE 802.11n wireless standard and has a maximum transmission rate of 300Mbps. D-Link DIR-619L /goform/formSetEmail has a stack overflow vulnerability. Remote attackers can use this vulnerability to submit special requests, which can cause the application to crash or execute arbitrary code in the application context

Trust: 2.16

sources: NVD: CVE-2025-6368 // JVNDB: JVNDB-2025-009680 // CNVD: CNVD-2025-13338

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13338

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-619l	scope:	eq	version:	2.06b1	Trust: 1.0
vendor:	d link	model:	dir-619l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	dir-619l firmware 2.06b1	Trust: 0.8
vendor:	d link	model:	dir-619l 2.06b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-13338 // JVNDB: JVNDB-2025-009680 // NVD: CVE-2025-6368

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6368
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009680
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13338
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6368
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009680
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-13338
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6368
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009680
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13338 // JVNDB: JVNDB-2025-009680 // NVD: CVE-2025-6368

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009680 // NVD: CVE-2025-6368

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6368	Trust: 3.2
db:	VULDB	id:	313361	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009680	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13338	Trust: 0.6

sources: CNVD: CNVD-2025-13338 // JVNDB: JVNDB-2025-009680 // NVD: CVE-2025-6368

REFERENCES

url:	https://github.com/wudipjq/my_vuln/blob/main/d-link6/vuln_68/68.md	Trust: 2.4
url:	https://vuldb.com/?id.313361	Trust: 1.8
url:	https://vuldb.com/?submit.597421	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.313361	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6368	Trust: 0.8

sources: CNVD: CNVD-2025-13338 // JVNDB: JVNDB-2025-009680 // NVD: CVE-2025-6368

SOURCES

db:	CNVD	id:	CNVD-2025-13338
db:	JVNDB	id:	JVNDB-2025-009680
db:	NVD	id:	CVE-2025-6368

LAST UPDATE DATE

2025-07-28T23:13:27.131000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13338	date:	2025-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2025-009680	date:	2025-07-23T08:38:00
db:	NVD	id:	CVE-2025-6368	date:	2025-06-25T20:09:17.983

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13338	date:	2025-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2025-009680	date:	2025-07-23T00:00:00
db:	NVD	id:	CVE-2025-6368	date:	2025-06-20T22:15:19.407