Description

A vulnerability was identified in D-Link DIR-619L 6.02CN02. It affects the function FirmwareUpgrade of the component boa. Manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The attack complexity is rather high, and exploitation is considered difficult. The exploit has been publicly disclosed and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

This affects the function FirmwareUpgrade of the component boa. Manipulation with unknown data can be used to exploit an insufficient verification of data authenticity vulnerability. The attack can be carried out over the network. The complexity of an attack is rather high. It is considered difficult to exploit. The exploit is publicly available.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-14 | Updated 2025-08-14 | Assigner VulDB




HIGH: 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
MEDIUM: 6.6 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
6.8 AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Insufficient Verification of Data Authenticity

Product status

6.02CN02
affected

Timeline

2025-08-13: Advisory disclosed
2025-08-13: VulDB entry created
2025-08-13: VulDB entry last update

Credits

IOT_Res (VulDB User) reporter

References

vuldb.com/?id.319974 (VDB-319974 | D-Link DIR-619L boa FirmwareUpgrade data authenticity) vdb-entry technical-description

vuldb.com/?ctiid.319974 (VDB-319974 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.628599 (Submit #628599 | D-Link DIR619L 6.02CN02 CWE-287 Improper Authentication) third-party-advisory

github.com/...IOT_Firmware_Update/blob/main/Dlink/DIR619L.md exploit patch

www.dlink.com/ product

cve.org (CVE-2025-8978)

nvd.nist.gov (CVE-2025-8978)
