CVE-2025-2618Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Dap-1620

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.7%
top 27.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dap-1620Dlink Dap-1620 Firmware
Timeline
PublishedMar 22

Description

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dap-16201.03

🔴Vulnerability Details

2
GHSA
GHSA-6rw4-c297-m856: A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 12025-03-22
CVEList
D-Link DAP-1620 Path api set_ws_action heap-based overflow2025-03-22
CVE-2025-2618 — D-link Dap-1620 vulnerability | cvebase