Improper Access Controls in D-Link DIR-618 and DIR-605L Products
CVE-2025-2548
Key Information:
Badges
Summary
A security flaw in the D-Link DIR-618 and DIR-605L routers enables improper access controls through the file /goform/formSetDomainFilter. This vulnerability allows unauthorized manipulation of domain filter settings and can only be exploited within a local network environment. Significantly, it affects devices that are no longer maintained, leaving them exposed to potential attacks. Users of these models are strongly advised to consider upgrading or replacing their devices to mitigate the risks associated with this vulnerability.
Affected Version(s)
DIR-605L 2.02
DIR-605L 3.02
DIR-618 2.02
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved