PT-2025-12338 · D-Link · D-Link Dir-605L +1
Yhryhryhr_Tu · Published 2025-03-20 · Updated 2025-07-15 · CVE-2025-2546
CVSS v4.0: 5.3 (Medium)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
D-Link DIR-618 version 2.02/3.02
D-Link DIR-605L version 2.02/3.02
Description
A vulnerability classified as problematic was found in the Firewall Service component, affecting the /goform/formAdvFirewall file. The issue leads to improper access controls. The attack must be launched from within the local network. The exploit has been publicly disclosed. This vulnerability only affects products that are no longer supported by the maintainer.
Recommendations
For D-Link DIR-618 version 2.02/3.02, as a temporary workaround, consider restricting access to the /goform/formAdvFirewall endpoint of the Firewall Service until a patch is available.
For D-Link DIR-605L version 2.02/3.02, as a temporary workaround, consider restricting access to the /goform/formAdvFirewall endpoint of the Firewall Service until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Incorrect Privilege Assignment
Related Identifiers
Affected Products
D-Link Dir-605L
D-Link Dir-618