ByteOS Network

Vulnerability Details :

CVE-2025-8978

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-14 Aug, 2025 | 19:02

Updated At-14 Aug, 2025 | 19:51

D-Link DIR-619L boa FirmwareUpgrade data authenticity

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:14 Aug, 2025 | 19:02

Updated At:14 Aug, 2025 | 19:51

▼CVE Numbering Authority (CNA)

D-Link DIR-619L boa FirmwareUpgrade data authenticity

Affected Products

Vendor

D-Link Corporation

Product

DIR-619L

Modules

Versions

Affected

6.02CN02

Problem Types

Type	CWE ID	Description
CWE	CWE-345	Insufficient Verification of Data Authenticity

Type: CWE

CWE ID: CWE-345

Description: Insufficient Verification of Data Authenticity

Metrics

Version	Base score	Base severity	Vector
4.0	7.5	HIGH	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.0	6.6	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.0	6.8	N/A	AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 3.0

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 2.0

Base score: 6.8

Base severity: N/A

Vector:

AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Credits

reporter

IOT_Res (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-08-13 00:00:00
VulDB entry created	2025-08-13 02:00:00
VulDB entry last update	2025-08-13 18:43:51

Event: Advisory disclosed

Date: 2025-08-13 00:00:00

Event: VulDB entry created

Date: 2025-08-13 02:00:00

Event: VulDB entry last update

Date: 2025-08-13 18:43:51

References

Hyperlink	Resource
https://vuldb.com/?id.319974	vdb-entry technical-description
https://vuldb.com/?ctiid.319974	signature permissions-required
https://vuldb.com/?submit.628599	third-party-advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md	exploit patch
https://www.dlink.com/	product

Hyperlink: https://vuldb.com/?id.319974

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.319974

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.628599

Resource:

third-party-advisory

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md

Resource:

exploit

patch

Hyperlink: https://www.dlink.com/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md	exploit

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:14 Aug, 2025 | 19:15

Updated At:15 Aug, 2025 | 13:12

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.6	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	6.8	MEDIUM	AV:N/AC:H/Au:M/C:C/I:C/A:C

Type: Secondary

Version: 4.0

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:M/C:C/I:C/A:C

Weaknesses

CWE ID	Type	Source
CWE-345	Secondary	cna@vuldb.com

CWE ID: CWE-345

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.319974	cna@vuldb.com	N/A
https://vuldb.com/?id.319974	cna@vuldb.com	N/A
https://vuldb.com/?submit.628599	cna@vuldb.com	N/A
https://www.dlink.com/	cna@vuldb.com	N/A
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.319974

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.319974

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.628599

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://www.dlink.com/

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

Similar CVEs

3Records found

CVE-2025-4544

Matching Score-8

Assigner-VulDB

View Details

Matching Score-8

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.24% / 46.90%

7 Day CHG~0.00%

Published-11 May, 2025 | 18:31

Updated-22 May, 2025 | 18:24

D-Link DI-8100 jhttpd ddos.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument def_max/def_time/def_tcp_max/def_tcp_time/def_udp_max/def_udp_time/def_icmp_max leads to stack-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult.

Vendor-D-Link Corporation

Product-di-8100 di-8100_firmware DI-8100

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-8979

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.30%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 19:32

Updated-18 Aug, 2025 | 15:03

Tenda AC15 Firmware Update check_fw data authenticity

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Vendor-Tenda Technology Co., Ltd.

Product-ac15 ac15_firmware AC15

CWE ID-CWE-345

Insufficient Verification of Data Authenticity

CVE-2025-8980

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.51%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 19:32

Updated-18 Aug, 2025 | 15:04

Tenda G1 Firmware Update check_upload_file data authenticity

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Vendor-Tenda Technology Co., Ltd.

Product-g1 g1_firmware G1

CWE ID-CWE-345

Insufficient Verification of Data Authenticity

CVE-2025-8978

Credits

D-Link DIR-619L boa FirmwareUpgrade data authenticity

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs