CVE-2025-4448 — Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Dir-619l

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.9%

top 23.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-619l Dlink Dir-619l Firmware

Timeline

PublishedMay 9

Description

A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-619l2.04B04

▶NVDdlink/dir-619l_firmware2.04b04

🔴Vulnerability Details

CVEList

D-Link DIR-619L formEasySetupWizard buffer overflow↗2025-05-09

▶

GHSA

GHSA-44r5-8x6q-27jq: A vulnerability classified as critical was found in D-Link DIR-619L 2↗2025-05-09

▶