CVE-2025-6115: Stack-based Buffer Overflow in D-Link DIR-619L
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-6115 is a critical stack-based buffer overflow vulnerability identified in the D-Link DIR-619L router, specifically version 2.06B01. The flaw resides in the function form_macfilter, where improper handling of the input parameters mac_hostname_%d and sched_name_%d allows an attacker to overflow the stack buffer. This vulnerability can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. The overflow can lead to arbitrary code execution or cause the device to crash, impacting the confidentiality, integrity, and availability of the affected system. Although the vulnerability affects only an outdated and unsupported product version, the public disclosure of the exploit increases the risk of exploitation. The CVSS 4.0 score is 8.7 (high), reflecting the ease of remote exploitation and the severe impact on system security. The vulnerability does not require privileges or user interaction, and the scope is limited to the affected router model and firmware version. No official patches or updates are available from the vendor, increasing the risk for users who continue to operate this device in their networks.
Potential Impact
For European organizations, the exploitation of this vulnerability could lead to significant network disruptions, unauthorized access, and potential lateral movement within internal networks. The DIR-619L router is typically used in small office/home office (SOHO) environments, but some small enterprises and branch offices might still rely on these devices due to cost or legacy infrastructure. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to interception of sensitive data, network traffic manipulation, or denial of service. This could compromise the confidentiality and integrity of communications and disrupt business operations. Given the lack of vendor support and patches, organizations using this device face prolonged exposure. Additionally, the public availability of exploit code increases the likelihood of opportunistic attacks, including those by cybercriminals targeting less-secured networks in Europe. The impact is particularly critical for sectors relying on secure and stable network infrastructure, such as finance, healthcare, and critical infrastructure providers.
Mitigation Recommendations
Since the affected product is no longer supported and no official patches are available, organizations should prioritize the replacement of the D-Link DIR-619L routers with currently supported and updated hardware. Network administrators should conduct an inventory to identify any remaining DIR-619L devices running version 2.06B01. Until replacement, it is advisable to isolate these routers from untrusted networks by implementing strict firewall rules that limit remote access to management interfaces. Disabling remote management features and restricting access to trusted IP addresses can reduce exposure. Network segmentation should be employed to limit the potential impact of a compromised device. Monitoring network traffic for unusual activity originating from or targeting these routers can help detect exploitation attempts. Additionally, organizations should educate users about the risks of legacy devices and enforce policies to phase out unsupported hardware. If replacement is not immediately feasible, consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting this specific exploit to block attack attempts.
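An added example for the traffic-monitoring recommendation above, not code from the advisory or from D-Link: it flags form-encoded request bodies in which a mac_hostname_N or sched_name_N value is unusually long. The 64-byte limit, the record layout and the sample requests are assumptions constructed for illustration; the advisory does not state the buffer size.

```python
import re
from urllib.parse import parse_qsl

# Parameter families named in the advisory: mac_hostname_%d and sched_name_%d.
FIELD_RE = re.compile(r"^(mac_hostname|sched_name)_\d+$")

# ASSUMPTION: the advisory gives no buffer size; 64 bytes is a conservative
# ceiling for a host name or schedule label. Tune it to your environment.
MAX_VALUE_BYTES = 64


def suspicious_fields(body: bytes, limit: int = MAX_VALUE_BYTES):
    """Return [(field, decoded_length)] for watched fields longer than limit."""
    hits = []
    # latin-1 maps every byte to one character, so len() of the decoded value
    # is the byte count the device would copy after percent-decoding.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    for name, value in pairs:
        if FIELD_RE.match(name) and len(value) > limit:
            hits.append((name, len(value)))
    return hits


def scan(records, limit: int = MAX_VALUE_BYTES):
    """Map source address -> oversized watched fields seen in its requests."""
    alerts = {}
    for src, body in records:
        hits = suspicious_fields(body, limit)
        if hits:
            alerts.setdefault(src, []).extend(hits)
    return alerts


# Constructed sample input (not captured traffic): (source address, POST body).
SAMPLE = [
    ("192.0.2.10", b"mac_hostname_0=laptop&sched_name_0=Always&other=1"),
    ("198.51.100.7", b"mac_hostname_3=" + b"A" * 300 + b"&sched_name_3=Always"),
    ("198.51.100.7", b"sched_name_12=" + b"%41" * 100),  # percent-encoded value
    ("192.0.2.11", b"hostname=" + b"B" * 300),  # long, but not a watched field
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE).items():
        print(src, hits)
```

Lengths are measured after percent-decoding, so an encoded value is judged by the number of bytes it expands to rather than by its size on the wire.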
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-15T10:08:37.066Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 684fe19aa8c921274383e7f1
Added to database: 6/16/2025, 9:19:22 AM
Last enriched: 6/16/2025, 9:34:29 AM
Last updated: 8/4/2025, 7:47:18 PM