CVE-2025-2618 | THREATINT

Description

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Eine kritische Schwachstelle wurde in D-Link DAP-1620 1.03 entdeckt. Davon betroffen ist die Funktion set_ws_action der Datei /dws/api/ der Komponente Path Handler. Dank Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-03-21 | Published 2025-03-22 | Updated 2025-03-24 | Assigner VulDB

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10.0AV:N/AC:L/Au:N/C:C/I:C/A:C

Problem types

Heap-based Buffer Overflow

Memory Corruption

Product status

1.03

affected

Timeline

2025-03-21:	Advisory disclosed
2025-03-21:	VulDB entry created
2025-03-21:	VulDB entry last update

References

vuldb.com/?id.300620 (VDB-300620 | D-Link DAP-1620 Path api set_ws_action heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.300620 (VDB-300620 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.518963 (Submit #518963 | D-Link DAP-1620 1.03 Buffer Overflow) third-party-advisory

witty-maiasaura-083.notion.site/...a6361804e86dcde1e78ea2a8e exploit

www.dlink.com/ product

cve.org (CVE-2025-2618)

nvd.nist.gov (CVE-2025-2618)

Download JSON