PT-2025-12340 · D Link · D-Link Dir-605L+1

Wxhwxhwxh_Tutu

Published

2025-03-20

Updated

2025-03-20

CVE-2025-2548

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-618 versions 2.02/3.02 D-Link DIR-605L versions 2.02/3.02

Description A vulnerability was found in the file /goform/formSetDomainFilter, affecting an unknown function. The manipulation leads to improper access controls. The attack can only be initiated within the local network. This issue only affects products that are no longer supported by the maintainer.

Recommendations For D-Link DIR-618 versions 2.02/3.02, consider disabling access to the /goform/formSetDomainFilter file until a solution is available. For D-Link DIR-605L versions 2.02/3.02, consider disabling access to the /goform/formSetDomainFilter file until a solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

BDU:2025-05468

CVE-2025-2548

Affected Products

D-Link Dir-605L

D-Link Dir-618

PT-2025-12340 · D Link · D-Link Dir-605L+1

CVE-2025-2548

Weakness Enumeration

Related Identifiers

Affected Products

References · 14