CVE-2025-6614 — Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Dir-619l

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow CWE-835 — Infinite Loop4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.3%

top 47.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-619l Dlink Dir-619l Firmware

Timeline

PublishedJun 25

Latest updateJun 26

Description

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-619l2.06B01

▶NVDdlink/dir-619l_firmware2.06b1

🔴Vulnerability Details

GHSA

GHSA-3266-jrw3-w36w: A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2↗2025-06-26

▶

CVEList

D-Link DIR-619L formSetWANType_Wizard5 stack-based overflow↗2025-06-25

▶

📋Vendor Advisories

Microsoft

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.↗2024-07-09

▶