CVE-2025-8978
Published: 14 August 2025
Summary
CVE-2025-8978 is a medium-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Dlink Dir-619L Firmware. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
A vulnerability exists in the D-Link DIR-619L wireless router running firmware version 6.02CN02. The issue resides in the FirmwareUpgrade function within the boa web server component and stems from insufficient verification of data authenticity, tracked as CWE-345. An attacker can supply manipulated firmware data during an upgrade operation, and the flaw affects only devices that are no longer supported by the vendor.
The vulnerability can be triggered remotely, although successful exploitation requires high attack complexity and administrative privileges. An authenticated attacker who supplies crafted firmware can achieve full control over the device, resulting in high impact to confidentiality, integrity, and availability. A public proof-of-concept has been released, indicating that the exploit is known and potentially usable despite the noted difficulty.
The affected product has reached end-of-support, and no patches are expected from the maintainer. The associated EPSS score remains flat at 0.0163 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24944
Vulnerability details
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is…
more
rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in the FirmwareUpgrade function allows remote authenticated attackers to bypass data authenticity checks and upload tampered firmware, enabling exploitation of a public-facing web application (T1190), denial of service via bad firmware (T1499.004), and persistent arbitrary code execution by modifying system firmware (T1542.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic verification of firmware integrity and authenticity before installation, blocking the exact CWE-345 flaw in FirmwareUpgrade.
Mandates that firmware components be digitally signed and verified prior to use, preventing acceptance of unauthenticated upgrade images.
Requires replacement or isolation of unsupported components (explicitly noted for this end-of-life device) to eliminate exposure to unpatchable firmware-authenticity weaknesses.