CVE-2025-6370 in DIR-619L
Summary
by MITRE • 06/21/2025
A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/25/2025
The vulnerability identified as CVE-2025-6370 represents a critical stack-based buffer overflow flaw in D-Link DIR-619L 2.06B01 wireless router firmware. This vulnerability resides within the formWlanGuestSetup function located in the /goform/formWlanGuestSetup file, which is part of the web-based administration interface. The specific technical weakness occurs when processing the curTime argument, where insufficient input validation allows attackers to manipulate memory layout through crafted input data. The flaw manifests as a classic buffer overflow condition where data exceeding the allocated stack buffer space overwrites adjacent memory locations, potentially leading to arbitrary code execution or system crashes.
The operational impact of this vulnerability is significant given its remote exploitability and the public availability of exploit code. Attackers can leverage this weakness without requiring physical access or local credentials, making it particularly dangerous for networked environments. The stack-based buffer overflow creates opportunities for privilege escalation and system compromise, as memory corruption can be manipulated to redirect program execution flow. This vulnerability directly aligns with CWE-121 stack-based buffer overflow classification and represents a critical entry point for potential attackers seeking to gain unauthorized control over affected devices. The exploitability is further amplified by the fact that this vulnerability affects devices that are no longer supported by the vendor, meaning users cannot receive official security patches or updates.
The security implications extend beyond simple device compromise, as compromised routers can serve as launching points for broader network attacks, including man-in-the-middle operations, DNS hijacking, or as part of botnet formations. The affected D-Link DIR-619L model represents a consumer-grade device that typically operates in home or small office environments, making it a valuable target for attackers seeking persistent network access. According to ATT&CK framework, this vulnerability maps to techniques involving remote code execution and privilege escalation, potentially enabling adversaries to establish persistent backdoors or exfiltrate network traffic. Organizations and individuals using unsupported firmware versions face heightened risk exposure, as the lack of vendor support means no security updates or mitigations are available to address this critical weakness. The public disclosure of exploit code further accelerates the threat landscape, as malicious actors can immediately deploy attacks against vulnerable installations without requiring advanced exploitation techniques or extensive reconnaissance.