CVE-2025-8978HIGH 8.1EPSS p36.6%

CVE-2025-8978CVE-2025-8978

Description

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.6% · 2026-06-19T12:03:05Z
Published2025-08-14
Last modified2025-09-12

Underlying weaknesses· 1

CWE-345

References

  1. https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md
  2. https://vuldb.com/?ctiid.319974
  3. https://vuldb.com/?id.319974
  4. https://vuldb.com/?submit.628599
  5. https://www.dlink.com/
  6. https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DIR619L.md

1

TypeTargetConfidenceTier
WeaknessInsufficient Verification of Data Authenticitycwe-3450%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-4188
CVE
CVE-2025-4449
CVE
CVE-2025-4453
CVE
CVE-2025-6617
CVE
CVE-2025-4448
CVE
CVE-2025-6115
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.