CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2621 – D-Link DAP-1620 storage check_dws_cookie stack-based overflow
https://notcve.org/view.php?id=CVE-2025-2621
22 Mar 2025 — A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.300623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 2CVE-2025-2620 – D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow
https://notcve.org/view.php?id=CVE-2025-2620
22 Mar 2025 — A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Otsmane-Ahmed/CVE-2025-2620-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2619 – D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow
https://notcve.org/view.php?id=CVE-2025-2619
22 Mar 2025 — A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.300621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2618 – D-Link DAP-1620 Path api set_ws_action heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2618
22 Mar 2025 — A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.300620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2553 – D-Link DIR-618/DIR-605L formVirtualServ access control
https://notcve.org/view.php?id=CVE-2025-2553
20 Mar 2025 — A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack needs to be approached within the local network. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formVirtualServ-1b153a41781f80b98645c3f7f4c5f4ae?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2552 – D-Link DIR-618/DIR-605L formTcpipSetup access control
https://notcve.org/view.php?id=CVE-2025-2552
20 Mar 2025 — A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formTcpipSetup-1b153a41781f80a7967ae08c81147a39?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2551 – D-Link DIR-618/DIR-605L formSetPortTr access control
https://notcve.org/view.php?id=CVE-2025-2551
20 Mar 2025 — A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetPortTr-1b153a41781f809d95c8e39c6c31c348?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2550 – D-Link DIR-618/DIR-605L DDNS Service formSetDDNS access control
https://notcve.org/view.php?id=CVE-2025-2550
20 Mar 2025 — A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2549 – D-Link DIR-618/DIR-605L formSetPassword access control
https://notcve.org/view.php?id=CVE-2025-2549
20 Mar 2025 — A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetPassword-1b153a41781f803d8166f9b551b30cd4?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2548 – D-Link DIR-618/DIR-605L formSetDomainFilter access control
https://notcve.org/view.php?id=CVE-2025-2548
20 Mar 2025 — A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDomainFilter-1b153a41781f80498fcdf9d675df9b39?pvs=4 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •