Severity
Medium
Analysis Summary
CVE-2025-2553 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the virtual service, caused by improper access controls by the /goform/formVirtualServ endpoint.
CVE-2025-2552 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the tcpip service, caused by improper access controls by the /goform/formTcpipSetup endpoint.
CVE-2025-2551 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the port rules, caused by improper access controls by the /goform/formSetPortTr endpoint.
CVE-2025-2550 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the DDNS service, caused by improper access controls by the /goform/formSetDDNS endpoint.
CVE-2025-2549 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the password, caused by improper access controls by the /goform/formSetPassword endpoint.
CVE-2025-2548 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the parent control service, caused by improper access controls by the /goform/formSetDomainFilter endpoint.
CVE-2025-2547 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the upnp service, caused by improper access controls by the /goform/formAdvNetwork endpoint.
CVE-2025-2546 CVSS:4.3
D-Link DIR-618 and DIR-605L devices could allow a remote attacker to set the firewall and DMZ service, caused by improper access controls by the /goform/formAdvFirewall endpoint.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-2553
CVE-2025-2552
CVE-2025-2551
CVE-2025-2550
CVE-2025-2549
CVE-2025-2548
CVE-2025-2547
CVE-2025-2546
Affected Vendors
- D-Link
Affected Products
- D-Link DIR-618 - 2.02 - 3.02
- D-Link DIR-605L - 2.02 - 3.02
Remediation
Refer to the D-Link Website for patch, upgrade, or suggested workaround information.