CVE-2025-6369 in DIR-619Linfo

Summary

by MITRE • 06/21/2025

A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/25/2025

The vulnerability identified as CVE-2025-6369 represents a critical stack-based buffer overflow flaw within the D-Link DIR-619L router firmware version 2.06B01. This vulnerability resides in the formdumpeasysetup function located within the /goform/formdumpeasysetup file, making it accessible through web-based interfaces that utilize this specific endpoint. The flaw manifests when processing the curTime/config.save_network_enabled argument, which serves as the attack vector for exploiting the buffer overflow condition. The stack-based nature of this vulnerability means that malicious input can overwrite adjacent memory locations on the program stack, potentially leading to arbitrary code execution or system crashes.

The technical exploitation of this vulnerability occurs through remote access capabilities, as the affected function is exposed via the web interface of the router. Attackers can craft malicious payloads targeting the curTime/config.save_network_enabled parameter to trigger the buffer overflow condition. This remote exploitability significantly amplifies the threat surface since no physical access or local network presence is required to initiate the attack. The vulnerability's classification as critical stems from its potential for remote code execution, which could allow attackers to completely compromise the affected router's operational integrity. The exploitation of this flaw aligns with attack patterns documented in the attack technique T1219 - Remote Access Tools, where adversaries leverage web-based attack surfaces to establish persistent access to network infrastructure.

The operational impact of this vulnerability extends beyond simple system compromise, as it affects network infrastructure devices that serve as gateways for entire network segments. When exploited successfully, the buffer overflow could enable attackers to gain unauthorized administrative access to the router, potentially allowing them to modify network configurations, redirect traffic, or establish persistent backdoors. The fact that this vulnerability affects a router model that is no longer supported by the manufacturer creates a particularly concerning scenario, as users cannot receive official security patches or updates to address the issue. This leaves affected networks exposed to potential exploitation, with the public disclosure of the exploit further increasing the risk of widespread compromise across networks utilizing these unsupported devices.

Organizations and individuals using D-Link DIR-619L routers should immediately implement mitigations to protect their network infrastructure, as the lack of vendor support for this device makes traditional remediation approaches ineffective. The vulnerability's design flaw places it within the scope of CWE-121 Stack-based Buffer Overflow, which represents a fundamental weakness in memory management that has been consistently exploited in network device attacks. Network segmentation strategies should be implemented to isolate affected devices from critical systems, while monitoring for unusual network traffic patterns that might indicate exploitation attempts. Additionally, organizations should consider replacing affected devices with supported models or implementing network access controls that limit exposure to this vulnerability. The continued use of unsupported network infrastructure creates persistent security risks that can compromise entire network perimeters, making immediate remediation essential for maintaining network security posture and compliance with industry security standards.

Responsible

VulDB

Disclosure

06/21/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00820

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!