CVE-2025-2618
Published: 22 March 2025
Summary
CVE-2025-2618 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dap-1620 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prohibits or safeguards the use of unsupported end-of-life devices like the D-Link DAP-1620, preventing exposure to this unpatched critical heap buffer overflow.
Enforces boundary protection to monitor and control remote network access to the vulnerable /dws/api/ path handler, blocking unauthenticated exploitation.
Requires timely identification and remediation of flaws such as this heap-based buffer overflow, including decommissioning or isolating affected unsupported components.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated heap-based buffer overflow in public-facing web API (/dws/api/set_ws_action) enables exploitation for initial access via public-facing application (T1190) and denial of service through application crash or system exploitation (T1499.004), with potential for RCE.
NVD Description
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack…
more
may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-2618 is a critical heap-based buffer overflow vulnerability (CVSS 3.1 score of 9.8) affecting the D-Link DAP-1620 wireless access point running firmware version 1.03. The issue resides in the set_ws_action function within the /dws/api/ path handler component, linked to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). Published on March 22, 2025, this flaw enables remote manipulation without restrictions.
The vulnerability can be exploited remotely by unauthenticated attackers (AV:N/AC:L/PR:N/UI:N) over the network with low complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability compromises (C:H/I:H/A:H), potentially allowing arbitrary code execution on the device.
Advisories from VulDB indicate that the product is no longer supported by the maintainer, implying no official patches or updates are available. References point to detailed disclosures on VulDB and a public Notion page hosting the exploit, with the D-Link website providing general product information but no specific mitigation guidance.
Notable context includes the public disclosure of a working exploit, increasing the risk for remaining deployments of this end-of-life device.
Details
- CWE(s)