Improper Access Control in D-Link DIR-618 and DIR-605L Network Routers
CVE-2025-2552
Key Information:
Badges
Summary
A notable vulnerability has been identified in the D-Link DIR-618 and DIR-605L routers, specifically affecting the /goform/formTcpipSetup file. This flaw is characterized by inadequate access controls, requiring a local network access for potential exploitation. Users of these products should be particularly cautious, as the vulnerability exposes them to unauthorized network access. It is important to note that this issue impacts devices that are no longer supported by D-Link, raising significant security concerns for those still utilizing these models.
Affected Version(s)
DIR-605L 2.02
DIR-605L 3.02
DIR-618 2.02
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved