CVE-2025-6114
BaseFortify
Publication date: 2025-06-16
Last updated on: 2025-06-17
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-619l_firmware | 2.06b01 |
| dlink | dir-619l | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6114 is a critical stack-based buffer overflow vulnerability in the D-Link DIR-619L router version 2.06B01. It occurs in the form_portforwarding function due to improper handling of input parameters ingress_name_%d, sched_name_%d, and name_%d. An attacker can send crafted input that overflows a stack buffer, potentially overwriting local variables or return addresses. This flaw can be exploited remotely without local access, allowing attackers to crash the device or execute arbitrary code. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected D-Link DIR-619L router. An attacker can remotely exploit the buffer overflow to crash the device or execute arbitrary code, potentially gaining control over the router. This can lead to network disruption, unauthorized access, and further attacks on connected systems. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking whether your network contains a D-Link DIR-619L router running firmware version 2.06B01. Since the vulnerability is triggered by manipulation of the parameters ingress_name_%d, sched_name_%d, and name_%d in the /goform/form_portforwarding endpoint, you can attempt to detect it by sending crafted HTTP requests to this endpoint with excessively long values for these parameters and observing the device's response or crash behavior. Specific commands could include using curl or similar tools to send such requests, for example:

```sh
curl -X POST http://<router-ip>/goform/form_portforwarding -d "ingress_name_1=$(python -c 'print("A"*1000)')&sched_name_1=$(python -c 'print("A"*1000)')&name_1=$(python -c 'print("A"*1000)')"
```

A crash or other abnormal behavior after such a request indicates that the device is vulnerable. However, no official detection scripts or commands are provided. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected D-Link DIR-619L device with an alternative product, as the device is no longer supported and no known mitigations or patches exist. Avoid exposing the device to untrusted networks, restrict remote access to the /goform/form_portforwarding endpoint if possible, and monitor network traffic for suspicious requests targeting the vulnerable parameters. Since exploitation is remote and easy, removing or isolating the device is the most effective mitigation. [1]
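The traffic monitoring suggested above can be done passively, without sending anything to the router. The following is an added example, not part of the original page or any vendor tooling: it flags POST requests to the endpoint whose ingress_name_%d, sched_name_%d or name_%d values are unusually long once percent-decoded. The function names, the record format and the 64-byte alert threshold are assumptions; the page does not state the firmware's buffer size.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/form_portforwarding"  # endpoint named on this page
# Parameter families named on this page (ingress_name_%d, sched_name_%d, name_%d)
FIELD_RE = re.compile(r"(ingress_name|sched_name|name)_[0-9]+")
MAX_LEN = 64  # ASSUMPTION: alerting threshold, not the firmware's buffer size


def overlong_fields(target, body, max_len=MAX_LEN):
    """Return [(field, decoded_byte_length)] for one request to the endpoint."""
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    # latin-1 maps each byte to one character, so len() below counts bytes
    # after %XX decoding; percent-encoding cannot hide the real length.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    return [(k, len(v)) for k, v in pairs
            if FIELD_RE.fullmatch(k) and len(v) > max_len]


def scan(records):
    """records: iterable of (source_ip, method, target, body_bytes)."""
    alerts = []
    for src, method, target, body in records:
        if method.upper() != "POST":
            continue
        for field, length in overlong_fields(target, body):
            alerts.append({"src": src, "field": field, "length": length})
    return alerts


# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    ("192.0.2.10", "POST", ENDPOINT,
     b"name_1=webcam&ingress_name_1=wan&sched_name_1=Always"),
    ("192.0.2.66", "POST", ENDPOINT,
     b"name_1=" + b"A" * 1000 + b"&sched_name_1=Always"),
    ("192.0.2.67", "POST", ENDPOINT + "?x=1",
     b"ingress_name_12=" + b"%41" * 300),
    ("192.0.2.68", "POST", "/goform/other", b"name_1=" + b"A" * 1000),
    ("192.0.2.69", "GET", ENDPOINT, b""),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Feed `scan` with records taken from a reverse proxy or packet capture placed in front of the device, and tune `MAX_LEN` to the longest rule name legitimately used on your network.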