Stack-Based Buffer Overflow in D-Link DAP-1620 Cookie Handler
CVE-2025-2619

9.3CRITICAL

Key Information:

Vendor: D-link
Status: Dap-1620
Vendor: CVE Published:; 22 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-2619?

A stack-based buffer overflow was identified in the D-Link DAP-1620 1.03, specifically within the check_dws_cookie function of the Cookie Handler component. This vulnerability is exploitable remotely, allowing unauthorized access and manipulation. It predominantly affects D-Link products that are no longer receiving maintenance support, raising significant security concerns, especially since the exploit has been publicly disclosed.

Affected Version(s)

DAP-1620 1.03

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-2619 - Proof of Concept

References

https://vuldb.com/?id.300621

vdb-entrytechnical-description

https://vuldb.com/?ctiid.300621

signaturepermissions-required

https://vuldb.com/?submit.518968

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 22, 2025
👾
Exploit known to exist
Mar 22, 2025
Vulnerability published
Mar 22, 2025
Vulnerability Reserved
Mar 21, 2025

D-link

Badges

What is CVE-2025-2619?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline