Primary

Context

D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-619L router running firmware version 2.06B01. The issue arises in the 'formSetEmail' function within the file '/goform/formSetEmail'. The vulnerability can be exploited remotely by manipulating the 'curTime' and 'config.smtp_email_subject' parameters. This exploitation allows for arbitrary code execution, potentially leading to a crash of the router.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, allowing remote attackers to execute arbitrary code on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the '/goform/formSetEmail' endpoint with overly long data in the 'curTime' and 'config.smtp_email_subject' parameters. The excessive length of the input will trigger the stack-based buffer overflow.

Added: Jun 20, 2025, 10:19 PM

Updated: Jun 20, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

D-Link DIR-619L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating