CVE-2025-2549
Published: 20 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-2549 is a vulnerability rated problematic that affects D-Link DIR-618 and DIR-605L routers running firmware versions 2.02 and 3.02. An unspecified function of the /goform/formSetPassword endpoint is affected; manipulating it leads to improper access controls (CWE-266, CWE-284). Published on 2025-03-20, it carries a CVSS v3.1 base score of 4.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) and affects only products no longer supported by the maintainer.
An attacker on the adjacent (local) network can exploit this vulnerability with low attack complexity, no privileges and no user interaction. The result is improper access control with a low integrity impact and no impact on confidentiality or availability.
Advisories note that an exploit has been publicly disclosed and may be used; details are available in the VulDB entries (ctiid.300163, id.300163) and in Notion pages specific to the DIR-605L and DIR-618. No patch is available because the affected products have reached end of support.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper access control in /goform/formSetPassword allows an unauthenticated attacker on the local network to set the administrator password with a crafted HTTP POST request, which maps to exploitation for privilege escalation (T1068).
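As an added example (not part of the advisory or of D-Link's code), a detection pass over HTTP access-log lines for the behaviour described above: because the endpoint needs no authentication on vulnerable firmware, any POST to it from a host outside the management allowlist is suspicious, and a 2xx response suggests the password change succeeded. The log format, the management-host allowlist and the sample records are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample records in Common Log Format, as a network monitor or
# reverse proxy in front of the router might record them (assumed format).
SAMPLE_LOG = """\
192.168.0.10 - - [21/Mar/2025:10:01:02 +0000] "GET /index.asp HTTP/1.1" 200 5120
192.168.0.10 - - [21/Mar/2025:10:01:09 +0000] "POST /goform/formSetPassword HTTP/1.1" 200 312
192.168.0.77 - - [21/Mar/2025:10:02:41 +0000] "POST /goform/formSetPassword HTTP/1.1" 200 312
192.168.0.78 - - [21/Mar/2025:10:02:45 +0000] "POST /goform/formSetPassword HTTP/1.1" 500 0
192.168.0.78 - - [21/Mar/2025:10:03:00 +0000] "GET /goform/formSetPassword HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Hosts permitted to administer the router (assumed management allowlist).
MGMT_HOSTS = {ipaddress.ip_address("192.168.0.10")}
TARGET_PATH = "/goform/formSetPassword"


@dataclass
class Alert:
    src: str
    ts: str
    status: int
    severity: str


def detect_password_change_attempts(log_text, mgmt_hosts=MGMT_HOSTS):
    """Return one Alert per POST to the affected endpoint, graded by source
    host and response code (query strings are ignored when matching the path)."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != TARGET_PATH:
            continue
        src = ipaddress.ip_address(m["src"])
        status = int(m["status"])
        if src in mgmt_hosts:
            severity = "info"      # expected admin activity, still worth auditing
        elif 200 <= status < 300:
            severity = "critical"  # unauthenticated password change likely succeeded
        else:
            severity = "high"      # attempt from a non-management host, not confirmed
        alerts.append(Alert(str(src), m["ts"], status, severity))
    return alerts


if __name__ == "__main__":
    for a in detect_password_change_attempts(SAMPLE_LOG):
        print(f"{a.severity:8} {a.src:15} {a.ts} status={a.status}")
```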