Details of VAR-202508-0647

ID

VAR-202508-0647

CVE

CVE-2025-8978

TITLE

D-Link Corporation of DIR-619L Insufficient validation of data authenticity in firmware vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-013887

DESCRIPTION

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-619L Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments. It utilizes the IEEE 802.11n wireless standard and boasts a maximum transmission rate of 300Mbps. Detailed vulnerability details are currently unavailable

Trust: 2.16

sources: NVD: CVE-2025-8978 // JVNDB: JVNDB-2025-013887 // CNVD: CNVD-2025-20602

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-20602

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-619l	scope:	eq	version:	6.02cn02	Trust: 1.0
vendor:	d link	model:	dir-619l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-619l	scope:	eq	version:	dir-619l firmware 6.02cn02	Trust: 0.8
vendor:	d link	model:	dir-619l 6.02cn02	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-20602 // JVNDB: JVNDB-2025-013887 // NVD: CVE-2025-8978

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8978
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-8978
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-013887
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-20602
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-8978
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-013887
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-20602
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8978
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-8978
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-013887
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-20602 // JVNDB: JVNDB-2025-013887 // NVD: CVE-2025-8978 // NVD: CVE-2025-8978

PROBLEMTYPE DATA

problemtype:	CWE-345	Trust: 1.0
problemtype:	Inadequate verification of data reliability (CWE-345) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-013887 // NVD: CVE-2025-8978

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8978	Trust: 3.2
db:	VULDB	id:	319974	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-013887	Trust: 0.8
db:	CNVD	id:	CNVD-2025-20602	Trust: 0.6

sources: CNVD: CNVD-2025-20602 // JVNDB: JVNDB-2025-013887 // NVD: CVE-2025-8978

REFERENCES

url:	https://github.com/iotres/iot_firmware_update/blob/main/dlink/dir619l.md	Trust: 1.8
url:	https://vuldb.com/?id.319974	Trust: 1.8
url:	https://vuldb.com/?submit.628599	Trust: 1.8
url:	https://www.dlink.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-8978	Trust: 1.4
url:	https://vuldb.com/?ctiid.319974	Trust: 1.0

sources: CNVD: CNVD-2025-20602 // JVNDB: JVNDB-2025-013887 // NVD: CVE-2025-8978

SOURCES

db:	CNVD	id:	CNVD-2025-20602
db:	JVNDB	id:	JVNDB-2025-013887
db:	NVD	id:	CVE-2025-8978

LAST UPDATE DATE

2025-09-19T23:25:10.604000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-20602	date:	2025-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-013887	date:	2025-09-16T06:29:00
db:	NVD	id:	CVE-2025-8978	date:	2025-09-12T15:51:28.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-20602	date:	2025-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-013887	date:	2025-09-16T00:00:00
db:	NVD	id:	CVE-2025-8978	date:	2025-08-14T19:15:45.547