CVE-2025-6372 in DIR-619Linfo

Summary

by MITRE • 06/21/2025

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/25/2025

This critical vulnerability in D-Link DIR-619L 2.06B01 represents a stack-based buffer overflow flaw within the web interface administration component. The vulnerability resides in the formSetWizard1 function located at /goform/formSetWizard1, where improper input validation allows attackers to manipulate the curTime argument. This specific flaw enables remote code execution through a carefully crafted buffer overflow attack that targets the device's stack memory structure. The vulnerability's classification as critical stems from its remote exploitability and the potential for arbitrary code execution on the affected device.

The technical implementation of this vulnerability demonstrates poor input sanitization practices where the curTime parameter lacks proper bounds checking and validation mechanisms. When an attacker submits malicious input to this parameter, the system fails to properly validate the input length, allowing the data to overflow the allocated stack buffer and overwrite adjacent memory locations. This memory corruption can potentially overwrite return addresses, function pointers, or other critical program state information, enabling attackers to redirect execution flow. The attack vector operates entirely through the web interface without requiring physical access or authentication, making it particularly dangerous for network-connected devices.

The operational impact of this vulnerability extends beyond simple remote code execution to encompass complete device compromise and potential network infiltration. Once exploited, attackers can gain full administrative control over the router, enabling them to modify network configurations, redirect traffic, install malicious firmware, or use the device as a pivot point for attacking other systems within the local network. The fact that this vulnerability affects an unsupported product version compounds the risk significantly, as users cannot receive official security updates or patches to remediate the issue. Organizations and individuals relying on this device face heightened exposure to persistent threats and potential data breaches.

Security practitioners should implement immediate network segmentation measures to isolate affected devices from critical network segments, while also deploying network monitoring solutions to detect potential exploitation attempts. The lack of vendor support for this product necessitates alternative mitigation strategies including disabling unnecessary web services, implementing strict firewall rules, and conducting thorough network scans to identify potentially compromised devices. This vulnerability aligns with CWE-121 stack-based buffer overflow classification and represents a technique commonly associated with attack patterns described in the MITRE ATT&CK framework under the T1059.007 execution methods category. Organizations should consider replacing affected devices with supported models and implementing robust network access controls to prevent unauthorized access to legacy networking equipment.

Responsible

VulDB

Disclosure

06/21/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00820

KEV

no

Activities

low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!