CVE-2025-2618

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS

No CVSS.

References

Link	Resource
https://vuldb.com/?ctiid.300620	Permissions Required VDB Entry
https://vuldb.com/?id.300620	VDB Entry Third Party Advisory
https://vuldb.com/?submit.518963	Third Party Advisory VDB Entry
https://witty-maiasaura-083.notion.site/D-link-DAP-1620-set_ws_action-Vulnerability-1afb2f2a6361804e86dcde1e78ea2a8e	Exploit Third Party Advisory
https://witty-maiasaura-083.notion.site/D-link-DAP-1620-set_ws_action-Vulnerability-1afb2f2a6361804e86dcde1e78ea2a8e	Exploit Third Party Advisory
https://www.dlink.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dap-1620_firmware:1.03:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1620:*:*:*:*:*:*:*:*

History

26 Mar 2025, 18:48

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dlink:dap-1620_firmware:1.03:::::::* cpe:2.3:h:dlink:dap-1620::::::::
CWE		CWE-787
First Time		Dlink dap-1620 Dlink Dlink dap-1620 Firmware
References	~~() https://www.dlink.com/ -~~	() https://www.dlink.com/ - Product
References	~~() https://vuldb.com/?ctiid.300620 -~~	() https://vuldb.com/?ctiid.300620 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?submit.518963 -~~	() https://vuldb.com/?submit.518963 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.300620 -~~	() https://vuldb.com/?id.300620 - VDB Entry, Third Party Advisory
References	~~() https://witty-maiasaura-083.notion.site/D-link-DAP-1620-set_ws_action-Vulnerability-1afb2f2a6361804e86dcde1e78ea2a8e -~~	() https://witty-maiasaura-083.notion.site/D-link-DAP-1620-set_ws_action-Vulnerability-1afb2f2a6361804e86dcde1e78ea2a8e - Exploit, Third Party Advisory

24 Mar 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown
CWE	CWE-122 CWE-119

22 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-22 14:15

Updated : 2025-03-26 18:48

NVD link : CVE-2025-2618

Mitre link : CVE-2025-2618

JSON object : View

Products Affected

dlink

dap-1620_firmware
dap-1620

CWE

CWE-787

Out-of-bounds Write

JSON object

Attach tags to CVE-2025-2618

Attach tags to `CVE-2025-2618`