CVE-2025-6367: Stack-based Buffer Overflow in D-Link DIR-619L
A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-6367 is a critical stack-based buffer overflow vulnerability identified in the D-Link DIR-619L router, specifically version 2.06B01. The vulnerability resides in the handling of HTTP requests directed at the /goform/formSetDomainFilter endpoint. By manipulating certain parameters—namely curTime, sched_name_%d, and url_%d—an attacker can trigger a stack-based buffer overflow. This type of vulnerability occurs when more data is written to a buffer located on the stack than it can hold, potentially overwriting adjacent memory and leading to arbitrary code execution or system crashes. The vulnerability can be exploited remotely without any authentication or user interaction, as the attack vector is a network request to the affected endpoint. The CVSS 4.0 score of 8.7 reflects a high severity, with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). Although the vulnerability is publicly disclosed and exploits may be developed, there are currently no known exploits in the wild. Importantly, the affected product is no longer supported by the vendor, meaning no official patches or updates are available to remediate this issue. This increases the risk for organizations still using this hardware, as they cannot rely on vendor-supplied fixes and must consider alternative mitigation strategies. The vulnerability's exploitation could allow attackers to execute arbitrary code on the router, potentially leading to full device compromise, interception or manipulation of network traffic, disruption of network services, or use of the device as a pivot point for further attacks within an organization’s network.
Potential Impact
For European organizations, the exploitation of CVE-2025-6367 could have significant consequences. The D-Link DIR-619L is a consumer and small office/home office (SOHO) router, which may still be in use in smaller enterprises or branch offices. Successful exploitation could lead to complete compromise of the router, enabling attackers to intercept sensitive data, disrupt internet connectivity, or launch further attacks against internal network resources. This could result in data breaches, operational downtime, and reputational damage. Since the device is no longer supported, organizations cannot apply vendor patches, increasing exposure. Additionally, compromised routers can be enlisted into botnets or used to bypass network security controls, amplifying the threat. The impact is particularly critical for organizations handling sensitive personal data subject to GDPR, as breaches could lead to regulatory penalties. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation if vulnerable devices are exposed to the internet or accessible from untrusted networks.
Mitigation Recommendations
Given the absence of vendor patches, European organizations should adopt a multi-layered mitigation approach. First, identify and inventory all D-Link DIR-619L devices in their environment, especially version 2.06B01. If possible, replace these devices with supported hardware that receives regular security updates. If replacement is not immediately feasible, isolate the vulnerable routers by restricting access to the /goform/formSetDomainFilter endpoint via firewall rules or network segmentation, limiting exposure to trusted management networks only. Disable remote management features on these routers to prevent external exploitation. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability. Monitor network traffic for anomalous patterns indicative of buffer overflow exploitation attempts. Additionally, enforce strict network access controls and consider deploying endpoint detection and response (EDR) solutions on connected hosts to detect lateral movement originating from compromised routers. Finally, educate staff about the risks of using unsupported network devices and the importance of timely hardware lifecycle management.
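The IDS/IPS recommendation above can be prototyped as a simple request filter. The following is an added example, not code from the advisory or from D-Link: it flags requests to /goform/formSetDomainFilter whose curTime, sched_name_%d or url_%d values are unusually long or contain non-printable bytes. The 64-character threshold, the function names and the sample requests are assumptions constructed for illustration; the advisory does not state a buffer size.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/goform/formSetDomainFilter"
# Parameter names listed in the advisory; %d is a decimal index.
PARAM_RE = re.compile(r"^(curTime|sched_name_\d+|url_\d+)$")
# Assumption: tunable alert threshold, not a value taken from the advisory.
MAX_VALUE_LEN = 64


def inspect_request(target, body):
    """Return (param, reason) findings for one HTTP request line and form body."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/") != ENDPOINT:
        return []
    # Parameters may arrive in the query string or the form body.
    # latin-1 maps every percent-decoded byte to one character, so lengths are byte counts.
    pairs = parse_qsl(parts.query, keep_blank_values=True, encoding="latin-1")
    pairs += parse_qsl(body, keep_blank_values=True, encoding="latin-1")
    findings = []
    for name, value in pairs:
        if not PARAM_RE.match(name):
            continue
        if len(value) > MAX_VALUE_LEN:
            findings.append((name, f"length {len(value)} > {MAX_VALUE_LEN}"))
        elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append((name, "non-printable byte in value"))
    return findings


def scan(requests):
    """Map request index -> findings, keeping only requests that raised any."""
    return {i: f for i, (t, b) in enumerate(requests) if (f := inspect_request(t, b))}


# Constructed sample requests (target, url-encoded body); not captured traffic.
SAMPLE_REQUESTS = [
    (ENDPOINT, "curTime=1718970000&url_1=example.com&sched_name_1=Always"),
    (ENDPOINT, "curTime=1&url_3=" + "A" * 300),
    (ENDPOINT, "curTime=%90%90&url_1=a"),
    ("/goform/formLogin", "url_1=" + "A" * 300),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS).items():
        print(index, findings)
```

Tune the threshold against legitimate configuration traffic before alerting on it; any request to this endpoint from outside the management network is itself worth logging.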
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-19T13:44:30.333Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68568e81aded773421b5a7e6
Added to database: 6/21/2025, 10:50:41 AM
Last enriched: 6/21/2025, 11:21:29 AM
Last updated: 8/5/2025, 12:30:43 AM