CVE-2025-6121

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

8.9HIGH

EPSS

1.3%

top 20.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-632 Dlink Dir-632 Firmware

Timeline

PublishedJun 16

Description

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-632FW103B08

▶NVDdlink/dir-632_firmware103b08

🔴Vulnerability Details

GHSA

GHSA-3gvh-jvc6-266h: A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08↗2025-06-16

▶

CVEList

D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow↗2025-06-16

▶

📋Vendor Advisories

Microsoft

Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get↗2023-11-14

▶