CVE-2025-6374 in DIR-619Linfo

Summary

by MITRE • 06/21/2025

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/25/2025

The vulnerability identified as CVE-2025-6374 represents a critical stack-based buffer overflow in D-Link DIR-619L 2.06B01 wireless routers, classified under CWE-121 Stack-based Buffer Overflow. This flaw resides within the formSetACLFilter function of the /goform/formSetACLFilter file, which handles access control list filtering operations. The vulnerability specifically occurs when processing the curTime argument, where insufficient bounds checking allows an attacker to overflow the stack buffer and potentially execute arbitrary code. The attack vector is remote, meaning malicious actors can exploit this vulnerability without physical access to the device, making it particularly dangerous for networked environments.

The technical exploitation of this vulnerability follows established patterns described in the ATT&CK framework under T1210 Exploitation of Remote Services and T1059 Command and Scripting Interpreter. The stack-based buffer overflow allows for arbitrary code execution with the privileges of the affected process, typically corresponding to the web server running on the router. This presents a significant operational impact as attackers can gain full control over the device, potentially enabling them to modify network configurations, intercept traffic, or use the compromised router as a pivot point for attacking other devices within the local network. The vulnerability's remote exploitability means that attackers can target these devices from anywhere on the internet, particularly concerning given that the affected models are no longer supported by the vendor, eliminating any possibility of official security patches.

The exploitation of CVE-2025-6374 poses severe risks to network security infrastructure, as routers serve as fundamental network gateways and often maintain privileged network positions. The lack of vendor support for these devices compounds the security risk, leaving users without official remediation paths. Organizations and individuals utilizing these unsupported router models face heightened exposure to persistent threats, as the vulnerability has been publicly disclosed and may already be in active use by threat actors. The combination of remote exploitability, arbitrary code execution capability, and the absence of vendor support creates a dangerous security landscape where affected devices become prime targets for cybercriminals seeking to establish persistent network footholds. This vulnerability exemplifies the critical importance of maintaining supported network equipment and the dangers associated with using legacy devices that no longer receive security updates or patches from their manufacturers.

Responsible

VulDB

Disclosure

06/21/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00820

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!