Cyber Posture

CVE-2025-2620

Severity: Critical
Public PoC: yes

Published: 22 March 2025
Modified: 26 March 2025
KEV Added: not listed
Patch: none available (product no longer supported by the vendor)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2640 (96.3rd percentile)
Risk Priority: 35, weighted 60% EPSS, 20% KEV, 20% CVSS (the value is consistent with 0.6 × 26.4 + 0.2 × 0 + 0.2 × 98 ≈ 35.4, i.e. EPSS and CVSS on a 0 to 100 scale and a KEV term of zero because the CVE is not in KEV)

Description

Stack-based buffer overflow in the mod_graph_auth_uri_handler function of the /storage file in the Authentication Handler component of D-Link DAP-1620 firmware 1.03. A remote, unauthenticated attacker can trigger it with a crafted request; a public exploit exists, and the product is no longer supported by the vendor, so no fix is expected.

Security Summary

CVE-2025-2620 is a critical stack-based buffer overflow (CVSS 3.1 base score 9.8) in the D-Link DAP-1620 wireless access point, firmware version 1.03. The flaw is in the mod_graph_auth_uri_handler function of the /storage file in the Authentication Handler component and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). Published on 22 March 2025, it is reachable remotely without any authentication.

The vector is network-reachable with low attack complexity and needs neither privileges nor user interaction (AV:N/AC:L/PR:N/UI:N); scope is unchanged (S:U), so the rated impact is confined to the device itself. Successful exploitation has high confidentiality, integrity and availability impact (C:H/I:H/A:H). For an overflow of a stack buffer in an unauthenticated request handler that typically means, at minimum, a crash of the handler or the whole device, and, if the overwritten stack data (for example a saved return address) can be controlled, arbitrary code execution and full device takeover.

VulDB advises that no patch is available because the DAP-1620 is no longer supported by the manufacturer. Mitigation therefore means keeping the device's web interface off the internet and away from untrusted network segments, or retiring the device. The exploit has been publicly disclosed and may be in use, per the VulDB entries and a Notion write-up cited as references.
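The defect class described above, shown as an added example that is not the D-Link firmware's code and not an exploit for it: a hypothetical request handler for a path like /storage copies an attacker-controlled query value into a fixed 32-byte stack buffer without checking the bound (the CWE-121 / CWE-787 pattern), beside the hardened form that measures the value first and rejects anything that does not fit. The URI, the parameter name "name", the buffer size NAME_MAX and the request strings are all constructed for the illustration; nothing here reproduces the real mod_graph_auth_uri_handler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define NAME_MAX 32   /* hypothetical size of the handler's stack buffer */

/* Locate the value of "key=" in the query string of uri; NULL if absent.
 * Shared by both handlers: the defect is in the copy, not the parse. */
static const char *find_param(const char *uri, const char *key)
{
    const char *p = strchr(uri, '?');
    size_t klen = strlen(key);
    if (p == NULL)
        return NULL;
    for (p = p + 1; *p != '\0';) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=')
            return p + klen + 1;
        const char *amp = strchr(p, '&');
        if (amp == NULL)
            break;
        p = amp + 1;
    }
    return NULL;
}

/* Vulnerable pattern (CWE-121/CWE-787): copy until '&' or NUL without ever
 * consulting dst_size. Returns bytes copied, or -1 if the key is absent. */
int copy_param_vuln(char *dst, size_t dst_size, const char *uri, const char *key)
{
    (void)dst_size;                        /* the bug: the bound is ignored */
    const char *v = find_param(uri, key);
    if (v == NULL)
        return -1;
    size_t i = 0;
    while (v[i] != '\0' && v[i] != '&') {  /* no upper limit on i */
        dst[i] = v[i];
        i++;
    }
    dst[i] = '\0';
    return (int)i;
}

/* Hardened form: measure first, refuse what does not fit with its NUL.
 * Returns bytes copied, -1 if absent, -2 if the value is too long. */
int copy_param_safe(char *dst, size_t dst_size, const char *uri, const char *key)
{
    const char *v = find_param(uri, key);
    if (v == NULL)
        return -1;
    size_t vlen = strcspn(v, "&");
    if (dst_size == 0 || vlen >= dst_size) {
        if (dst_size > 0)
            dst[0] = '\0';
        return -2;                         /* reject, do not truncate silently */
    }
    memcpy(dst, v, vlen);
    dst[vlen] = '\0';
    return (int)vlen;
}

/* Constructed oversized request: "/storage?name=" plus 64 'A's (2 * NAME_MAX). */
static void build_long_request(char *req)      /* req must hold 4 * NAME_MAX */
{
    size_t plen = strlen("/storage?name=");
    memcpy(req, "/storage?name=", plen);
    memset(req + plen, 'A', 2 * NAME_MAX);
    req[plen + 2 * NAME_MAX] = '\0';
}

/* Show the overrun without smashing a real frame: the vulnerable handler is told
 * its buffer is NAME_MAX bytes but gets a larger zeroed scratch area, so what it
 * wrote past NAME_MAX can be inspected. Returns true if it overran. */
bool vuln_writes_past_bound(void)
{
    char scratch[4 * NAME_MAX] = {0}, req[4 * NAME_MAX];
    build_long_request(req);
    copy_param_vuln(scratch, NAME_MAX, req, "name");
    return scratch[NAME_MAX] != '\0';      /* byte 32 should still be zero */
}

/* The same oversized request against the hardened handler: returns -2. */
int safe_rejects_long_value(void)
{
    char buf[NAME_MAX], req[4 * NAME_MAX];
    build_long_request(req);
    return copy_param_safe(buf, sizeof buf, req, "name");
}

/* A benign request through the hardened handler: 1 if it yields "admin". */
int benign_value_ok(void)
{
    char buf[NAME_MAX];
    int n = copy_param_safe(buf, sizeof buf, "/storage?name=admin&x=1", "name");
    return n == 5 && strcmp(buf, "admin") == 0;
}

int main(void)
{
    printf("benign value parsed: %s\n", benign_value_ok() ? "yes" : "no");
    printf("vulnerable handler overran its buffer: %s\n", vuln_writes_past_bound() ? "yes" : "no");
    printf("hardened handler on the same request: rc=%d\n", safe_rejects_long_value());
    return 0;
}
```

The demo hands the vulnerable copy a deliberately oversized scratch area so it runs to completion and the bytes written past the declared 32-byte bound can be read back. Pointing copy_param_vuln at a real 32-byte local with the same request is the case the advisory describes: the saved frame data above the buffer is overwritten, which is a crash at best (the T1499.004 mapping) and control of execution at worst. Building with -fsanitize=address reports that overrun as a stack-buffer-overflow at the first byte past the buffer.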

Details

CWE(s)
CWE-119, CWE-121, CWE-787

Affected Products

Vendor: dlink
Product: dap-1620 firmware
Version: 1.03

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The unauthenticated, remotely reachable stack-based buffer overflow in the web authentication handler (mod_graph_auth_uri_handler in /storage) gives an attacker a way into an internet-exposed access point (T1190) or, from a foothold inside the network, a way to compromise the device over its management service (T1210); where the overflow only corrupts the stack without yielding control, the result is a crash of the handler or the device, i.e. denial of service (T1499.004).
