PT-2025-12345 · D Link · D-Link Dir-605L+1
Yhryhryhr_Backup
·
Published
2025-03-20
·
Updated
2025-03-20
·
CVE-2025-2553
CVSS v4.0
5.3
Medium
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-618 and DIR-605L versions 2.02/3.02
Description
A vulnerability was found in the processing of the file
/goform/formVirtualServ. This issue leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Recommendations
For D-Link DIR-618 and DIR-605L versions 2.02/3.02, as a temporary workaround, consider restricting access to the
/goform/formVirtualServ file until a patch is available. However, since these products are no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Incorrect Privilege Assignment
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-605L
D-Link Dir-618