CVE-2025-5912
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-16
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-632_firmware | 103b08 |
| dlink | dir-632 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5912 is a critical stack-based buffer overflow vulnerability in the D-Link DIR-632 router firmware FW103B08. It occurs in the do_file function of the HTTP POST Request Handler due to improper use of the strcat function without adequate bounds checking. This allows a specially crafted HTTP POST request to overflow the stack buffer, potentially enabling arbitrary code execution or denial of service. The vulnerability can be exploited remotely without authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including arbitrary code execution, denial of service, and compromise of the affected system's confidentiality, integrity, and availability. Since it can be exploited remotely without authentication, attackers can easily exploit this flaw to take control of the device or disrupt its operation. There are no known mitigations, and the affected products are no longer supported, so replacement is recommended. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for malicious HTTP POST requests targeting the D-Link DIR-632 router's do_file function, specifically crafted to trigger a stack-based buffer overflow. Detection can involve inspecting HTTP POST traffic for unusually large or malformed payloads. Since a public proof-of-concept exploit is available on GitHub, you can use tools like curl or custom scripts to simulate the exploit and verify if your device is vulnerable. For example, using curl to send a crafted POST request to the router's HTTP interface may help detect the vulnerability. However, no specific detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected D-Link DIR-632 device with an alternative product, as no known countermeasures or patches exist for this vulnerability. Since the product is no longer supported by the maintainer and the vulnerability can be exploited remotely without authentication, discontinuing use of the vulnerable device is strongly recommended to prevent exploitation. [2]