VDB-308066 · CVE-2025-4452 · GCVE-100-308066

D-Link DIR-619L 2.04B04 formSetWizard2 curTime ବଫର୍ ଓଭରଫ୍ଲୋ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame D-Link DIR-619L 2.04B04 keessatti argameera. Miidhamni argame is hojii formSetWizard2. Wanti jijjiirame irratti curTime gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-120 si geessa. Odeeffannoon kun yeroo 05/08/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2025-4452 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Meeshaa balaa kana fayyadamuuf hin jirre. Ammas, gatii exploit might be approx. USD $5k-$25k yeroo ammaa irratti argamuu danda'a. ଅପରିଭାଷିତ ta’uu isaa ibsameera. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $25k-$100k akka ta'e tilmaamameera. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 ଆଡାପ୍ଟେସନ୍ · 85 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 05/08/2025 08:54 PM	ଅଦ୍ୟତନ 1/1 05/09/2025 01:39 PM
software_vendor	D-Link	D-Link
software_name	DIR-619L	DIR-619L
software_version	2.04B04	2.04B04
software_function	formSetWizard2	formSetWizard2
software_argument	curTime	curTime
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formSetWizard2-curTime/README.md	https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formSetWizard2-curTime/README.md
source_cve	CVE-2025-4452	CVE-2025-4452
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure.	The vendor was contacted early about this disclosure.
cna_eol	1	1
software_type	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss4_vuldb_e	X	X
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	8.6	8.6
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.5	8.5
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.5	8.6
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	8.7	8.7
advisory_date	1746655200 (05/08/2025)	1746655200 (05/08/2025)
price_0day	$25k-$100k	$25k-$100k
cve_nvd_summary		A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!