Details of VAR-202506-1322

ID

VAR-202506-1322

CVE

CVE-2025-6617

TITLE

D-Link DIR-619L /formAdvanceSetup file stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-14213

DESCRIPTION

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-619L is a wireless router from D-Link, a Chinese company. There is a stack buffer overflow vulnerability in the D-Link DIR-619L /formAdvanceSetup file, which is caused by incorrect boundary checking. An attacker can exploit this vulnerability to cause a buffer overflow, execute arbitrary code on the system, or cause the application to crash

Trust: 1.44

sources: NVD: CVE-2025-6617 // CNVD: CNVD-2025-14213

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-14213

AFFECTED PRODUCTS

vendor:

d link

model:

dir-619l 2.06b01

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-14213

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6617
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-14213
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-6617
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-14213
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6617
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-14213 // NVD: CVE-2025-6617

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0

sources: NVD: CVE-2025-6617

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6617	Trust: 1.6
db:	VULDB	id:	313835	Trust: 1.0
db:	CNVD	id:	CNVD-2025-14213	Trust: 0.6

sources: CNVD: CNVD-2025-14213 // NVD: CVE-2025-6617

REFERENCES

url:	https://vuldb.com/?submit.602260	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link6/vuln_78/78.md#poc	Trust: 1.0
url:	https://vuldb.com/?ctiid.313835	Trust: 1.0
url:	https://vuldb.com/?id.313835	Trust: 1.0
url:	https://www.dlink.com/	Trust: 1.0
url:	https://github.com/wudipjq/my_vuln/blob/main/d-link6/vuln_78/78.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6617	Trust: 0.6

sources: CNVD: CNVD-2025-14213 // NVD: CVE-2025-6617

SOURCES

db:	CNVD	id:	CNVD-2025-14213
db:	NVD	id:	CVE-2025-6617

LAST UPDATE DATE

2025-06-29T23:15:04.881000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-14213	date:	2025-06-27T00:00:00
db:	NVD	id:	CVE-2025-6617	date:	2025-06-26T18:57:43.670

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-14213	date:	2025-06-27T00:00:00
db:	NVD	id:	CVE-2025-6617	date:	2025-06-25T17:15:40.507