July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
RedLine Stealer – Active IOCs
March 24, 2025Multiple Microsoft Edge Chromium-based Vulnerabilities
March 24, 2025RedLine Stealer – Active IOCs
March 24, 2025Multiple Microsoft Edge Chromium-based Vulnerabilities
March 24, 2025
Severity
High
Analysis Summary
CVE-2025-2621 CVSS:9.8
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-2620 CVSS:9.8
A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-2619 CVSS:9.8
A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-2618 CVSS:9.8
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Impact
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2025-2621
CVE-2025-2620
CVE-2025-2619
CVE-2025-2618
Affected Vendors
- D-Link
Affected Products
- D-Link DAP-1620 - 1.03
Remediation
Refer to D-Link Website for patch, upgrade, or suggested workaround information.