CVE-2025-6121

CVE-2025-6121

Information

CVE_ID              : CVE-2025-6121
Severity            : HIGH
Published        : 2025-06-16T12:15:19.970
LastModified  : 2025-06-17T19:37:29.160
Updated          : 2025-06-17T19:37:29.160
Status              : Analyzed

Descriptions:

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.


Know Exploitability

Exploitability : False

Vendor Affected

dlink

CVE-2025-6121

V4.0

Score : 8.9
Severity : HIGH
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope :
Confidentiality Impact :
Integrity Impact :
Availability Impact :
Exploitability :
Impact Score :

V3.1

Score : 9.8
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Exploitability : 3.9
Impact Score : 5.9

V3.0

V2.0

Score : 10.0
Severity : HIGH
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : COMPLETE
Integrity Impact : COMPLETE
Availability Impact : COMPLETE
Exploitability Score : 10.0
Impact Score : 10.0
References

https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-get_pure_content

https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dir632-dlink-get_pure_content#poc

https://vuldb.com/?ctiid.312590

https://vuldb.com/?id.312590

https://vuldb.com/?submit.592574

https://www.dlink.com/

Vendor Product
dlink
  • dir-632_firmware103b08****
  • dir-632-****