CVE-2025-8978
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-09-12
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-619l_firmware | 6.02cn02 |
| dlink | dir-619l | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the FirmwareUpgrade function of the boa component in the D-Link DIR-619L 6.02CN02 device. It involves insufficient verification of data authenticity during firmware upgrades, which means an attacker could potentially manipulate the firmware upgrade process. The attack can be launched remotely, but its complexity is high and exploitation is considered difficult. The affected products are no longer supported by the maintainer.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to compromise the integrity of the device's firmware by bypassing authenticity checks during firmware upgrades. This could lead to unauthorized code execution, potentially resulting in loss of confidentiality, integrity, and availability of the device. However, the attack complexity is high and exploitation is difficult.
What immediate steps should I take to mitigate this vulnerability?
Since the affected products (D-Link DIR-619L 6.02CN02) are no longer supported by the maintainer, immediate mitigation steps include isolating the vulnerable device from untrusted networks, disabling remote firmware upgrade functionality if possible, and monitoring network traffic for suspicious activity related to firmware upgrades. Consider replacing the device with a supported model to ensure ongoing security updates.