{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4448", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-08T18:49:03.979Z", "datePublished": "2025-05-09T00:31:04.140Z", "dateUpdated": "2025-05-09T03:48:39.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-09T00:31:04.140Z"}, "title": "D-Link DIR-619L formEasySetupWizard buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-619L", "versions": [{"version": "2.04B04", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In D-Link DIR-619L 2.04B04 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formEasySetupWizard. Durch das Manipulieren des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2025-05-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-08T20:54:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "jylsec (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.308062", "name": "VDB-308062 | D-Link DIR-619L formEasySetupWizard buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.308062", "name": "VDB-308062 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.558357", "name": "Submit #558357 | D-Link DIR-619L 2.04B04 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formEasySetupWizard-curTime/README.md", "tags": ["related"]}, {"url": "https://www.dlink.com/", "tags": ["broken-link", "product"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T03:48:00.354072Z", "id": "CVE-2025-4448", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T03:48:39.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4448", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-09T03:48:00.354072Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T03:48:29.349Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "D-Link DIR-619L formEasySetupWizard buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "jylsec (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "D-Link", "product": "DIR-619L", "versions": [{"status": "affected", "version": "2.04B04"}]}], "timeline": [{"lang": "en", "time": "2025-05-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-08T20:54:26.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.308062", "name": "VDB-308062 | D-Link DIR-619L formEasySetupWizard buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.308062", "name": "VDB-308062 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.558357", "name": "Submit #558357 | D-Link DIR-619L 2.04B04 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formEasySetupWizard-curTime/README.md", "tags": ["related"]}, {"url": "https://www.dlink.com/", "tags": ["broken-link", "product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In D-Link DIR-619L 2.04B04 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formEasySetupWizard. Durch das Manipulieren des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-09T00:31:04.140Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4448", "state": "PUBLISHED", "dateUpdated": "2025-05-09T03:48:39.143Z", "dateReserved": "2025-05-08T18:49:03.979Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-09T00:31:04.140Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer."}], "id": "CVE-2025-4448", "lastModified": "2025-05-09T01:15:50.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-09T01:15:50.470", "references": [{"source": "[email protected]", "url": "https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formEasySetupWizard-curTime/README.md"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.308062"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.308062"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.558357"}, {"source": "[email protected]", "url": "https://www.dlink.com/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Primary"}]}

{}