Request a Demo
Rewterz
RedLine Stealer – Active IOCs
March 24, 2025
Rewterz
Multiple Microsoft Edge Chromium-based Vulnerabilities
March 24, 2025

Multiple D-Link DAP-1620 Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-2621 CVSS:9.8

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-2620 CVSS:9.8

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-2619 CVSS:9.8

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-2618 CVSS:9.8

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Impact

  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2025-2621

  • CVE-2025-2620

  • CVE-2025-2619

  • CVE-2025-2618

Affected Vendors

  • D-Link

Affected Products

  • D-Link DAP-1620 - 1.03

Remediation

Refer to D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website