ID

VAR-202503-2528


CVE

CVE-2025-2618


TITLE

Out-of-bounds write vulnerability in D-Link Systems, Inc. DAP-1620 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. An out-of-bounds write vulnerability exists in D-Link Systems, Inc. DAP-1620 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2025-2618 // JVNDB: JVNDB-2025-002620

AFFECTED PRODUCTS

vendor: dlink, model: dap-1620, scope: eq, version: 1.03

Trust: 1.0

vendor: d link, model: dap-1620, scope: -, version: -

Trust: 0.8

vendor: d link, model: dap-1620, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dap-1620, scope: eq, version: dap-1620 firmware 1.03

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620 // NVD: CVE-2025-2618

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-2618
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-002620
value: CRITICAL

Trust: 0.8

CVSSV2

cna@vuldb.com: CVE-2025-2618
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-002620
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

cna@vuldb.com: CVE-2025-2618
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-002620
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620 // NVD: CVE-2025-2618

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype: Buffer error (CWE-119) [others]

Trust: 0.8

problemtype: Heap-based buffer overflow (CWE-122) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620 // NVD: CVE-2025-2618

EXTERNAL IDS

db: NVD, id: CVE-2025-2618

Trust: 2.6

db: VULDB, id: 300620

Trust: 1.8

db: JVNDB, id: JVNDB-2025-002620

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620 // NVD: CVE-2025-2618

REFERENCES

url:https://vuldb.com/?id.300620

Trust: 1.8

url:https://vuldb.com/?submit.518963

Trust: 1.8

url:https://witty-maiasaura-083.notion.site/d-link-dap-1620-set_ws_action-vulnerability-1afb2f2a6361804e86dcde1e78ea2a8e

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.300620

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2618

Trust: 0.8

sources: JVNDB: JVNDB-2025-002620 // NVD: CVE-2025-2618

SOURCES

db: JVNDB, id: JVNDB-2025-002620
db: NVD, id: CVE-2025-2618

LAST UPDATE DATE

2025-03-28T23:16:36.531000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-002620, date: 2025-03-27T00:34:00
db: NVD, id: CVE-2025-2618, date: 2025-03-26T18:48:51.253

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-002620, date: 2025-03-27T00:00:00
db: NVD, id: CVE-2025-2618, date: 2025-03-22T14:15:16.650