CVE-2025-6372

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Published: Jun 21, 2025
Updated: Jun 26, 2025
CVE: CVE-2025-6372
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-121

Affected Software
References

Software	From	Fixed in
dlink / dir-619l_firmware	2.06b1	2.06b1.x

https://github.com/wudipjq/my_vuln/blob/main/D-Link6/vuln_72/72.md
https://vuldb.com/?ctiid.313365
https://vuldb.com/?id.313365
https://vuldb.com/?submit.597426
https://www.dlink.com/

Vulnerability Database

CVE-2025-6372

Deep Security Visibility Without the Complexity