VDB-308064 · CVE-2025-4450 · GCVE-100-308064

D-Link DIR-619L 2.04B04 formSetEasy_Wizard curTime ବଫର୍ ଓଭରଫ୍ଲୋ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame D-Link DIR-619L 2.04B04 keessatti argameera. Kan miidhamte is hojii formSetEasy_Wizard. Hojii jijjiirraa irratti gaggeeffame curTime gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-120 geessa. Dadhabbii kana yeroo 05/08/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-4450tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $5k-$25k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $25k-$100k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

2 ଆଡାପ୍ଟେସନ୍ · 85 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 05/08/2025 08:54 PM	ଅଦ୍ୟତନ 1/1 05/09/2025 01:39 PM
advisory_url	https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formSetEasy_Wizard-curTime/README.md	https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formSetEasy_Wizard-curTime/README.md
source_cve	CVE-2025-4450	CVE-2025-4450
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure.	The vendor was contacted early about this disclosure.
cna_eol	1	1
software_vendor	D-Link	D-Link
software_name	DIR-619L	DIR-619L
software_version	2.04B04	2.04B04
software_function	formSetEasy_Wizard	formSetEasy_Wizard
software_argument	curTime	curTime
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_rc	R	R
software_type	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss4_vuldb_e	X	X
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	8.6	8.6
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.5	8.5
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.5	8.6
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	8.7	8.7
advisory_date	1746655200 (05/08/2025)	1746655200 (05/08/2025)
price_0day	$25k-$100k	$25k-$100k
cve_nvd_summary		A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!