CVE-2025-2620

CRITICAL

D-Link DAP-1620 1.03 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-2620. PoCs published by Otsmane-Ahmed.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2025-2620, a stack-based buffer overflow vulnerability in the D-Link DAP-1620 router. The exploit demonstrates both buffer overflow testing and remote code execution capabilities.

Description

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (1)

nomisec WORKING POC 10 stars

by Otsmane-Ahmed · poc

https://github.com/Otsmane-Ahmed/CVE-2025-2620-poc

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2025-2620, a stack-based buffer overflow vulnerability in the D-Link DAP-1620 router. The exploit demonstrates both buffer overflow testing and remote code execution capabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: D-Link DAP-1620 firmware version 1.03

No auth needed

Prerequisites: Network access to the vulnerable router · Python environment with pwntools installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.300622

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.300622

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.518969

Exploit, Third Party Advisory exploit

https://witty-maiasaura-083.notion.site/D-link-DAP-1620-mod_graph_auth_uri_handler-Vulnerability-1afb2f2a6361809ea7f2dc4df3b85f1f

Product product

https://www.dlink.com/

Scores

CVSS v3 9.8

EPSS 0.0692

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-119 CWE-121 CWE-787

Status published

Products (1)

dlink/dap-1620_firmware 1.03

Published Mar 22, 2025

Tracked Since Feb 18, 2026