Severity
High
Analysis Summary
CVE-2025-4441 CVSS:8.8
A vulnerability was found in D-Link DIR-605L. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4442 CVSS:8.8
A vulnerability was found in D-Link DIR-605L. It has been declared critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4443 CVSS:6.5
A vulnerability was found in D-Link DIR-605L. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4445 CVSS:6.3
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4448 CVSS:8.8
A vulnerability classified as critical was found in D-Link DIR-619L. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4449 CVSS:8.8
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4450 CVSS:8.8
A vulnerability, which was classified as critical, was found in D-Link DIR-619L. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4451 CVSS:8.8
A vulnerability has been found in D-Link DIR-619L and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4452 CVSS:8.8
A vulnerability was found in D-Link DIR-619L and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that the maintainer no longer supports.
CVE-2025-4454 CVSS:6.3
A critical vulnerability has been discovered in D-Link DIR-619L firmware. The vulnerability impacts the wake_on_lan function, enabling remote command injection through manipulation of the mac argument. This security issue allows an attacker to execute commands remotely. The vulnerability specifically targets unsupported product versions, and the vendor was informed about the disclosure early in the process. Since the affected products are no longer maintained, users should take immediate steps to mitigate potential risks.
CVE-2025-4453 CVSS:6.3
A critical vulnerability exists in D-Link DIR-619L firmware, specifically within the formSysCmd function. The vulnerability allows remote command injection by manipulating the sysCmd argument. This security issue impacts unsupported product versions, with the vendor being notified early about the disclosure. An attacker can potentially execute unauthorized commands remotely by exploiting this weakness in the system's command processing mechanism.
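Because the affected models are no longer supported, screening traffic in front of the management interface is one practical control. The following is an added example, not code from this advisory or from D-Link: it checks URL-encoded form bodies for the argument names listed above (curTime, wan_connected, mac, sysCmd). The length ceiling, the metacharacter set and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Argument names taken from the advisory, grouped by reported weakness class.
OVERFLOW_ARGS = {"curTime", "wan_connected"}  # buffer overflow entries
# Assumption: generous ceiling for a timestamp or flag value; tune to real traffic.
MAX_FIELD_LEN = 64
# A MAC address as six hex pairs with ':' or '-' separators, or 12 bare hex digits.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}")
# Assumption: characters a shell treats specially; any of them in sysCmd is flagged.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\r\n'\"]")


def screen_form_body(body: str) -> list[str]:
    """Return a list of findings for one URL-encoded form body."""
    findings = []
    fields = parse_qs(body, keep_blank_values=True)
    for name, values in fields.items():
        for value in values:
            if name in OVERFLOW_ARGS and len(value) > MAX_FIELD_LEN:
                findings.append(
                    f"{name}: length {len(value)} exceeds {MAX_FIELD_LEN}")
            elif name == "mac" and not MAC_RE.fullmatch(value):
                findings.append("mac: not a MAC address")
            elif name == "sysCmd" and SHELL_META.search(value):
                findings.append("sysCmd: shell metacharacter present")
    return findings


def screen_requests(bodies: list[str]) -> dict[int, list[str]]:
    """Screen many bodies; return {index: findings} for those that were flagged."""
    flagged = {}
    for index, body in enumerate(bodies):
        findings = screen_form_body(body)
        if findings:
            flagged[index] = findings
    return flagged


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "curTime=1746780000&mac=00%3A11%3A22%3A33%3A44%3A55",  # well-formed
    "curTime=" + "A" * 200,                                # oversized field
    "mac=00%3A11%3A22%3A33%3A44%3A55%3Bexample",           # trailing text after MAC
    "sysCmd=a%7Cb",                                        # pipe character
]

if __name__ == "__main__":
    for index, findings in screen_requests(SAMPLES).items():
        print(index, findings)
```

A clean result only means these specific heuristics did not fire; it does not make an end-of-life device safe to expose.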
Impact
- Gain Access
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2025-4441
- CVE-2025-4442
- CVE-2025-4443
- CVE-2025-4445
- CVE-2025-4448
- CVE-2025-4449
- CVE-2025-4450
- CVE-2025-4451
- CVE-2025-4452
- CVE-2025-4453
- CVE-2025-4454
Affected Vendors
- D-Link
Affected Products
- D-Link DIR-619L Firmware - 2.04B04
Remediation
Refer to the D-Link Website for patch, upgrade, or suggested workaround information.