CVE-2025-6367

8.8 HIGH

📋 TL;DR

This high-severity vulnerability (rated 8.8 HIGH) in D-Link DIR-619L routers allows remote, unauthenticated attackers to execute arbitrary code via a stack-based buffer overflow in the web interface's domain filter functionality, potentially taking full control of affected devices. Only products no longer supported by the vendor are affected.

💻 Affected Systems

Products:
  • D-Link DIR-619L
Versions: 2.06B01
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects end-of-life products with no vendor support

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, persistent backdoor installation, and use as a pivot point into internal networks

🟠 Likely Case: Device takeover for botnet recruitment, credential theft, or network traffic interception

🟢 If Mitigated: Limited impact if the device is isolated behind firewalls with strict network segmentation

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers but requires network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making attacks easy to automate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

No official patch available. Device is end-of-life. Replace with supported hardware.

🔧 Temporary Workarounds

Disable WAN access to web interface (applies to: all)

Block external access to the router administration interface.

Configure the firewall to block ports 80/443 from the WAN to the router IP.

Disable domain filter feature (applies to: all)

Turn off the vulnerable formSetDomainFilter functionality if possible.

Navigate to router admin > Parental Controls > Domain Filter > Disable

🧯 If You Can't Patch

  • Immediately replace affected routers with supported models
  • Isolate vulnerable devices in a separate VLAN with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface (Status > Firmware)

Check Version:

curl -s http://router-ip/ | grep -i firmware

Verify Fix Applied:

Verify that the router has been replaced with a supported model or isolated from the network

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/formSetDomainFilter with long parameter values
  • Unusual process execution or memory errors in system logs

Network Indicators:

  • Exploit traffic patterns to vulnerable endpoint
  • Unusual outbound connections from router

SIEM Query:

source="router-logs" AND uri="/goform/formSetDomainFilter" AND (param_length>100 OR status_code=500)
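As an added example (not part of this advisory), a small Python log scanner applying the same logic as the SIEM query above to constructed access-log lines: it flags POSTs to /goform/formSetDomainFilter whose form parameters exceed 100 characters or that returned HTTP 500, and counts hits per source address. The log line layout and field names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample log lines (not from any real device). Assumed layout:
# client ip, quoted request line, status, body bytes, quoted POST body.
LOG_LINES = [
    '192.0.2.10 "POST /goform/formSetDomainFilter HTTP/1.1" 200 64 "url=example.com&enable=1"',
    '192.0.2.10 "GET /status.htm HTTP/1.1" 200 0 ""',
    '198.51.100.7 "POST /goform/formSetDomainFilter HTTP/1.1" 500 312 "url=' + "A" * 300 + '&enable=1"',
    '198.51.100.7 "POST /goform/formSetDomainFilter HTTP/1.1" 200 180 "url=' + "B" * 150 + '"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<body>[^"]*)"$'
)

VULN_URI = "/goform/formSetDomainFilter"  # endpoint named in the advisory
MAX_PARAM_LEN = 100                        # threshold from the SIEM query


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def long_params(body, limit=MAX_PARAM_LEN):
    """Return {param: length} for form parameters whose value exceeds limit."""
    params = parse_qs(body, keep_blank_values=True)
    lengths = {k: max(len(v) for v in vals) for k, vals in params.items()}
    return {k: n for k, n in lengths.items() if n > limit}


def classify(line):
    """Return a hit dict for a suspicious request to the vulnerable endpoint, else None."""
    rec = parse_line(line)
    if rec is None or rec["method"] != "POST" or rec["uri"] != VULN_URI:
        return None
    oversized = long_params(rec["body"])
    if oversized or rec["status"] == 500:
        return {"ip": rec["ip"], "status": rec["status"], "long_params": oversized}
    return None


def scan(lines):
    """All hits in the given lines, in order."""
    return [h for h in (classify(l) for l in lines) if h]


def hits_by_ip(lines):
    """Count hits per source address to surface repeated attempts from one host."""
    return Counter(h["ip"] for h in scan(lines))
```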
