CVE-2025-2621
Published: 22 March 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-2621 is a critical stack-based buffer overflow vulnerability in the check_dws_cookie function within the /storage file of D-Link DAP-1620 version 1.03. It is triggered by manipulation of the uid argument and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). The issue carries a CVSS v3.1 base score of 9.8, reflecting its high severity due to network accessibility with low complexity and no required privileges or user interaction.
The vulnerability can be exploited remotely by unauthenticated attackers with no privileges (AV:N/AC:L/PR:N/UI:N), potentially leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation allows arbitrary code execution via the buffer overflow, enabling full system compromise on affected devices.
Advisories from sources like VulDB indicate that the vulnerability affects only D-Link DAP-1620 products no longer supported by the manufacturer, with no patches available. The D-Link website provides general product information but no specific mitigation for this issue. Security practitioners should isolate or decommission affected devices, as referenced in VulDB entries and a detailed Notion disclosure.
The exploit has been publicly disclosed and may be actively used, increasing risks for unpatched, end-of-life deployments.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated stack-based buffer overflow in the D-Link DAP-1620 web interface (/storage/check_dws_cookie via uid parameter) enables exploitation of a public-facing application and remote services, facilitating remote code execution.