CVE-2025-2619
Published: 22 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-2619 is a critical stack-based buffer overflow vulnerability (CVSS 3.1 score of 9.8) affecting the D-Link DAP-1620 wireless access point running firmware version 1.03. The issue resides in the check_dws_cookie function within the /storage file of the Cookie Handler component, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). Manipulation of the cookie handler triggers the overflow, and it impacts only products that are no longer supported by the maintainer.
The vulnerability enables remote exploitation without authentication (AV:N/AC:L/PR:N/UI:N/S:U), allowing unauthenticated attackers anywhere on the network to send crafted requests to the affected component. Successful exploitation can result in high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially leading to arbitrary code execution, data disclosure, or device denial of service.
Advisories from sources like VulDB indicate no patches or mitigations are available, as the D-Link DAP-1620 is end-of-support. The exploit has been publicly disclosed, including details on VulDB and a Notion site, increasing the risk of active use against exposed, unpatched devices. Security practitioners should isolate or decommission affected hardware and monitor for anomalous traffic targeting the Cookie Handler.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated stack-based buffer overflow in the cookie handler of a public-facing wireless access point directly enables exploitation of a public-facing application (T1190) for initial access and arbitrary code execution.