CVE-2025-4452: D-Link DIR-619L formSetWizard2 buffer overflow
First published: Fri May 09 2025(Updated: )
A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-619 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4452?
The severity of CVE-2025-4452 is classified as critical.
How do I fix CVE-2025-4452?
To fix CVE-2025-4452, update the D-Link DIR-619L to the latest firmware version provided by the vendor.
What systems are affected by CVE-2025-4452?
CVE-2025-4452 affects the D-Link DIR-619L router running firmware version 2.04B04.
Can CVE-2025-4452 be exploited remotely?
Yes, CVE-2025-4452 can be exploited remotely due to its buffer overflow vulnerability.
What is the attack vector for CVE-2025-4452?
The attack vector for CVE-2025-4452 is through the manipulation of the curTime argument in the formSetWizard2 function.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/title
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/tags
- agent/epss
- agent/source
- vendor/d-link
- canonical/d-link dir-619