CVE-2025-6614 in DIR-619Linfo

Summary

by MITRE • 06/25/2025

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 06/26/2025

The vulnerability identified as CVE-2025-6614 represents a critical stack-based buffer overflow flaw in D-Link DIR-619L router firmware version 2.06B01. This vulnerability resides within the web interface functionality, specifically in the formSetWANType_Wizard5 component located at /goform/formSetWANType_Wizard5. The flaw manifests when the curTime argument is manipulated during the execution of this function, creating conditions that allow attackers to overflow stack memory boundaries and potentially execute arbitrary code on the affected device. The vulnerability's classification as critical stems from its remote exploitability and the fact that exploitation has already been publicly disclosed, making it immediately actionable by threat actors.

The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations on the program stack. This type of vulnerability typically occurs when a program writes data to a buffer without proper validation of the data size relative to the buffer capacity, enabling attackers to overwrite return addresses, function pointers, or other critical stack variables. The attack vector is remote, meaning that an attacker can exploit this vulnerability without physical access to the device, simply by sending maliciously crafted requests to the affected router's web interface.

The operational impact of this vulnerability extends beyond simple remote code execution, as it can enable complete compromise of the affected D-Link router. Successful exploitation could allow attackers to gain administrative privileges, modify network configurations, redirect traffic through malicious proxies, or establish persistent backdoors for continued access. Given that the affected device is no longer supported by the vendor, users have no official security updates available to address this vulnerability, leaving them exposed to potential exploitation for an extended period. This scenario creates a particularly dangerous situation where the device remains vulnerable to known exploits while no vendor support exists for remediation.

The exploitation of this vulnerability demonstrates characteristics consistent with ATT&CK technique T1210, which involves exploiting weaknesses in remote services to gain unauthorized access to systems. Organizations and individuals using unsupported network equipment face heightened risk from such vulnerabilities, as they cannot rely on vendor-provided patches or security updates to address the flaw. The combination of public exploit availability and lack of vendor support creates an environment where this vulnerability can be weaponized by attackers to compromise network infrastructure. Mitigation strategies must focus on network segmentation, monitoring for suspicious traffic patterns, and immediate replacement of affected devices with supported models that receive regular security updates to prevent exploitation attempts.

Responsible

VulDB

Disclosure

06/25/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00867

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!