CVE-2025-2619
Published: 22 March 2025
Summary
CVE-2025-2619 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dap-1620 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prohibits the use of end-of-support system components like the D-Link DAP-1620, preventing exposure to unpatchable critical vulnerabilities.
Requires risk-based remediation of identified flaws such as this stack-based buffer overflow, leading to patching, isolation, or decommissioning of affected devices.
Implements memory protection safeguards like stack canaries, ASLR, and NX bits to mitigate stack-based buffer overflow exploits and unauthorized code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated stack-based buffer overflow in the cookie handler of a public-facing wireless access point directly enables exploitation of a public-facing application (T1190) for initial access and arbitrary code execution.
NVD Description
A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the…
more
attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2025-2619 is a critical stack-based buffer overflow vulnerability (CVSS 3.1 score of 9.8) affecting the D-Link DAP-1620 wireless access point running firmware version 1.03. The issue resides in the check_dws_cookie function within the /storage file of the Cookie Handler component, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). Manipulation of the cookie handler triggers the overflow, and it impacts only products that are no longer supported by the maintainer.
The vulnerability enables remote exploitation without authentication (AV:N/AC:L/PR:N/UI:N/S:U), allowing unauthenticated attackers anywhere on the network to send crafted requests to the affected component. Successful exploitation can result in high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially leading to arbitrary code execution, data disclosure, or device denial of service.
Advisories from sources like VulDB indicate no patches or mitigations are available, as the D-Link DAP-1620 is end-of-support. The exploit has been publicly disclosed, including details on VulDB and a Notion site, increasing the risk of active use against exposed, unpatched devices. Security practitioners should isolate or decommission affected hardware and monitor for anomalous traffic targeting the Cookie Handler.
Details
- CWE(s)