D-Link DIR-605L and DIR-618 Improper Access Control Vulnerability in Firewall Service

Vulnerability

An improper access control vulnerability has been identified in the D-Link DIR-605L and DIR-618 routers, firmware versions 2.02 and 3.02. The issue resides in the Firewall Service component, specifically the '/goform/formAdvFirewall' request handler. The handler does not verify that the requester holds an authenticated session, so any host on the local network can change the firewall settings by sending an unauthenticated HTTP POST request to it. Both affected models are end-of-life and no longer supported by the manufacturer, so a vendor firmware fix should not be expected.

Impact

Exploitation allows an unauthenticated attacker on the local network to modify the router's firewall and DMZ configuration. Weakening or disabling the firewall, or placing an internal host in the DMZ, exposes internal network resources to unsolicited inbound traffic and can give the attacker a foothold for further access.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the '/goform/formAdvFirewall' endpoint from a host on the local network without first logging in to the web interface. The request must carry the values the handler expects for the firewall and DMZ settings (the same fields the authenticated web UI submits); no session cookie or other credential is required. If the device accepts the request and the settings change, it is vulnerable. Test only on a device you own, since the request modifies the live firewall configuration.
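The following is an added detection example, not code from the original advisory or from D-Link. It parses captured HTTP requests (for instance from a LAN tap, proxy or IDS) and flags the request shape the advisory describes: a POST to '/goform/formAdvFirewall' that carries no session cookie or HTTP authorization. The LAN range, the sample requests and the form field names in their bodies are constructed placeholders; the handler's real parameter names are not given on this page.

```python
# Detection helper for the D-Link DIR-605L / DIR-618 formAdvFirewall issue.
# Added example, not code from the original advisory. It flags POST requests
# to /goform/formAdvFirewall that carry no session cookie or HTTP
# authorization, i.e. the request shape the advisory describes. The request
# records below are constructed samples; the real handler's form field names
# are not given on the page and are represented by a placeholder body.
import ipaddress
from dataclasses import dataclass

VULN_ENDPOINTS = {"/goform/formAdvFirewall"}
AUTH_HEADERS = {"cookie", "authorization"}        # headers that carry a session
LAN_NET = ipaddress.ip_network("192.168.0.0/24")   # assumed router LAN range


@dataclass
class HttpRequest:
    src: str        # client IP address
    method: str
    path: str       # request target without the query string
    headers: dict   # header names lower-cased
    body: str


def parse_request(src: str, raw: str) -> HttpRequest:
    """Parse a raw HTTP/1.x request as captured on the wire or by a proxy."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    path = target.split("?", 1)[0]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(src, method.upper(), path, headers, body)


def is_authenticated(req: HttpRequest) -> bool:
    """True if the request carries any credential the router could check."""
    return any(h in req.headers for h in AUTH_HEADERS)


def find_unauth_firewall_posts(requests, lan_net=LAN_NET):
    """Return one finding per unauthenticated POST to a vulnerable handler."""
    findings = []
    for req in requests:
        if req.method != "POST" or req.path not in VULN_ENDPOINTS:
            continue
        if is_authenticated(req):
            continue
        findings.append({
            "src": req.src,
            "path": req.path,
            # the advisory's attack path is a LAN host; anything else is odd
            "from_lan": ipaddress.ip_address(req.src) in lan_net,
            "user_agent": req.headers.get("user-agent", ""),
        })
    return findings


# Constructed sample traffic: (client IP, raw request). The field names in the
# bodies are placeholders, not the handler's real parameters.
SAMPLE_REQUESTS = [
    ("192.168.0.10",   # logged-in admin changing settings from the web UI
     "POST /goform/formAdvFirewall HTTP/1.1\r\nHost: 192.168.0.1\r\n"
     "Cookie: session=placeholder\r\nContent-Type: application/x-www-form-urlencoded\r\n"
     "\r\nfield=value"),
    ("192.168.0.23",   # no cookie, no authorization: the vulnerable request shape
     "POST /goform/formAdvFirewall HTTP/1.1\r\nHost: 192.168.0.1\r\n"
     "User-Agent: python-requests/2.31\r\nContent-Type: application/x-www-form-urlencoded\r\n"
     "\r\nfield=value"),
    ("192.168.0.23",   # GET of the same path is not the described vector
     "GET /goform/formAdvFirewall HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"),
    ("192.168.0.23",   # unauthenticated POST to an unrelated (constructed) path
     "POST /goform/formOtherPage HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\nfield=value"),
]


def run_sample():
    """Run the detector over the constructed sample traffic."""
    reqs = [parse_request(src, raw) for src, raw in SAMPLE_REQUESTS]
    return find_unauth_firewall_posts(reqs)


if __name__ == "__main__":
    for f in run_sample():
        print(f"unauthenticated POST to {f['path']} from {f['src']} "
              f"(LAN: {f['from_lan']}, UA: {f['user_agent']!r})")
```

Only the second sample request is reported. A legitimate admin session carries a cookie, a GET does not change settings, and the login form is expected to be unauthenticated, so the detector keys on method, path and the absence of any credential rather than on the body. On a real deployment, feed it the requests seen on the router's LAN interface and treat any hit as an attempt to exploit this issue.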

Remediation

Because the affected models are end-of-life, no firmware update is expected. As compensating controls, restrict access to the router's management interface (including the '/goform/' endpoints) to a dedicated management VLAN or a small set of trusted hosts using network firewall or segmentation rules, and plan to replace the devices with supported hardware. After applying the rules, verify that an unauthenticated POST to the endpoint from an ordinary LAN host is rejected.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.